Meraki Vpn Client Download Windows 10

On-device Enrollment

Hi, when our users connect to VPN (Windows 10 VPN on Meraki) they used to be able to access a client application on a SQL server host (also a Windows 10 Pro box).but something recently happened on the host (uninstalled Norton security and it likely reset a bunch of stuff) and now client VPN users. Having come across many complaints recently regarding the instability of the native Windows 10 VPN client (lots of people working from home due to the pandemic and such). I thought it would be handy to leave a little guide here on how to use an alternative third party client from DrayTek, which works for me with my MX (tested on Firmware 15.25+).

Download the Agent Installer. In Dashboard, navigate to Systems Manager Manage Add devices Windows. Click the Download button. MerakiPCCAgent.msi should begin downloading. The installer can also be reached by navigating to m.meraki.com, entering the 10-digit network ID found in Dashboard, and downloading the agent there. Supports PPTP, L2TP, L2TP/IPsec, IPsec, IKEv2, OpenVPN, and SSL VPN.

If you have a Dashboard account set up with an EMM network, you can find instructions under Systems Manager > Manage > Add devices, or follow along the steps below.

Note that there are two methods for Windows installation: Agent or Profile. Either one can be used for enrollment, but since each enables a different subset of features, both should be utilized when possible to access all available MDM features.

Profile installation is only supported on Windows 10 and only on non-Legacy Systems Manager accounts. Other Windows desktop versions, and Legacy customers will need to use the agent installation.

Agent Installation

It is important to note that for agent versions up to v3.0.3, the agent installer package is network specific, meaning you must use an install package downloaded directly from the Systems Manager network from which you wish to manage your clients. Agent versions starting with v3.1 and up are network-agnostic.

In addition, Systems Manager software must be installed with local administrator privileges as applicable by the device type.

Download the Agent Installer

In Dashboard, navigate to Systems Manager > Manage > Add devices > Windows. Click the Download button. MerakiPCCAgent.msi should begin downloading.
The installer can also be reached by navigating to m.meraki.com, entering the 10-digit network ID found in Dashboard, and downloading the agent there.
Note that this installer will enroll devices into the Systems Manager network it was downloaded from.

Run the Agent Installer

Version 1.0 - 3.0.3

After the installer finishes downloading, double-click MerakiPCCAgent.msi and click Run when prompted.
Accept the Licensing Agreement and click Install.
Once the Systems Manager Agent has finished installing, your Windows device will show up under Monitor > Clients in Dashboard as soon as it has an Internet connection.

Version 3.1.0+

After the installer finishes downloading, double-click SMAgent-x.x.x.msi and click Run when prompted.
Accept the Licensing Agreement and click Next.
Enter the Network ID or Network Enrollment String at the prompt then click Next
Confirm the desired enrollment network name appears and then click Next
Click Install
Once the Systems Manager Agent has finished installing, your Windows device will show up under Monitor > Clients in Dashboard as soon as it has an Internet connection.

Command Line Options

The agent can be installed via command line to support use cases where scripting for mass deployment and/or silent installation are required. To install the agent silently via command line run the following commands

Version 1.0 - 3.0.3

msiexec.exe /q /i <Path to agent installer msi>
ex. msiexec.exe /q /i c:/temp/MerakiPCCAgent.msi

Version 3.1.0+

msiexec.exe /q /i <Path to agent installer msi> ENROLLMENT_CODE=<network enrollment code or enrollment string>
ex. msiexec.exe /q /i c:/temp/SMAgent-x.x.x.msi ENROLLMENT_CODE=123-45-6789
ex. msiexec.exe /q /i c:/temp/SMAgent-x.x.x.msi ENROLLMENT_CODE=smnetworkenrollmentstring

You can also use methods like Systems Manager Sentry or Active Directory Group Policy Objects to install the agent en masse.

Profile Installation

Note: Systems Manager can only push user-level settings (e.g. a payload with restrictions, wifi) to the device if the MDM-enrolled user is currently logged into the device. Other agent based features which do not change user-level settings (such as agent live tools) should work no matter which user is logged in. For more information on the differences between Windows agent and profile enrollment features, refer to the Systems Manager Agent and MDM Profile Enrollment document.

Open Work Access Settings

Navigate to Systems Manager > Manage > Add devices > Windows.
Option 1: From the device, you wish to enroll, navigate to m.meraki.com, and enter the 10-digit network id found in Dashboard.Click the 'Open workplace settings' link to open the Work Access settings page. The agent can be downloaded from this page as well.
Option 2: In Windows settings, navigate to 'Settings > Accounts > Access work or school.' You can also search 'Connect to work or school' in your Windows menu to find the below page.
On native Windows 10, click 'Enroll only in device management'.

Enter an email address and click Next.

Note: Any email can be entered here, as it is not used to authenticate the enrollment. If your organization has InTune bundled in with your Office365 or Azure instance, do not enter a domain-joined email, as it will begin enrollment into InTune instead of prompting for your server information to complete the following steps.

In the Server box, enter your server URL (check your browser URL while signed into Dashboard, e.g. n155.meraki.com), and click Connect or Continue.

Enter your network ID, where XXX-XXX-XXXX is the network-specific ID.
Click register. You should see a message that the device is 'Connected to Systems Manager' as below. The device will automatically synchronize with the Meraki Cloud and appear in the client list.

Learning has never been so easy!

Cisco Meraki uses the integrated Windows client for VPN connection (no Cisco client at this time).

To be able to connect with simple AD user account credentials, along with a simple pre-shared key, the steps are very simple.

9 Steps total

Step 1: Get started

Click on Start and type in VPN, click on Change Virtual Private Networks (VPN)

Step 2: Add connection

Click on Add a VPN connection

Step 3: Configure Windows connection

Pick VPN provider as Windows
Name the connection
Put in server name or IP
Switch VPN type to L2TP/IPsec with pre-shared key
Switch Type of sign in to User name and password
Enter the username and password if you want to save it, or leave blank and user will have to enter it on connection
Hit Save

Step 4: Edit settings

Once you hit Save, it will bring you back to the connection page
Click on Change Adapter Options

Step 5: Configure adapter

In the adapter window, click on the adapter with the name you created in the VPN window
Click on Change settings of this connection

Step 6: Step 6

Click on Security tab
Make sure Type of VPN is still Layer 2 Tunneling Protocol with IPsec
Set Data encryption to Require encryption (disconnect if server declines)
Set Allow these protocols
Check Unencrypted password (PAP) - will still be, so don't worry
Click Advanced settings

Meraki Vpn Client Download Windows 10 64-bit

Step 7: Add key

In the Advanced settings, click on Use preshared key
Type in the key you want to use
Hit OK to go back to the adapter settings
Click OK to close the adapter settings and save.
Close all other windows at this point.

Step 8: Connect

Meraki Vpn Client Download Windows 10 Gratis

Connect ...
Click on the network icon in the system tray
Click on the VPN network connection name
Click on Connect

Step 9: Verify and disconnect

Verify you are connected
Click on the network system tray icon again if the window closed or minimized
You should now see the VPN network name listed and Connected underneath it
(If you are done with your connection, click on it and click Disconnect)

Now and then Windows Updates breaks the encryption settings by changing from PAP to MS-CHAP. If users could connect before, but suddenly can't while others can, revisit Step# 6 and verify PAP is turned on, not MS-CHAP. Save and all set!

Configure Meraki Vpn Client

8 Comments

Chipotle
BMG_Zone Jun 20, 2018 at 12:42pm
I have a customer who is stating:
We've run into a weird problem where the built in Windows 10 vpn gets its settings changed whenever the wifi network changes. We have consultants who travel to various client sites and every time they try to connect to our vpn server they have to fix their vpn settings. The company we had hired to set up our vpn server said they can't help us with this, probably because it's a Windows issue
Any Ideas?
Habanero
KrasimirPetrov_ Oct 31, 2018 at 02:46am
Good read. Thank you very much for sharing.
Excellent tutorial
Sonora
LRSpartan Jan 8, 2019 at 04:49pm
We have been trying to overcome the same problems with MX64 and making an outbound rule entry in Windows Defender Firewall is what helped us. We had performed all the other instructions Meraki and MSFT had provided including the regedit (asumeUDPEncap...).
We created a UDP port rule for 500, 4500 and scoped it to our vpn IP address. Finally works.
I hope this helps.
Pimiento
ericguth2 Jan 28, 2020 at 09:00am
LRSpartan - are you saying that you port forward UDP 500 and 4500 to your VPN range 192.168.XXX.00/24?
Poblano
AaronTheYoung Feb 3, 2020 at 08:15pm
We are constantly plagued by our VPN connection losing its settings as well. I'm not sure if this it relates to change in WiFi, but the people that it occurs with do seem to be people that change WiFi often. Others who are using it from one network at home seem to not have the issue.
In any case, I am constantly connecting to users who are remote and fixing their settings. Either resetting their Username and Password settings or fixing the PAP/CHAP protocol settings.
Is there a way to use the Powershell command ADDVPNConnection to create a script that would re-create the settings in one fell swoop?
Any help would be appreciated.
Datil
troberts2 Mar 4, 2020 at 08:22pm
We have seen those same settings and we hear there may be a Meraki VPN Client or Cisco AnyConnect Client that is Meraki compatible in the near future, but that has also been ongoing for like 3 to 4yrs now. Once it comes out, should be a moot point on Microsponge changing your settings. I have seen the same issue though, seems to be mostly tied to Microsoft and the firewall flipping the network to public and effectively blocks like everything so you can't connect. Only way we have gotten it to work is when on that network, switch it from Public to Private, reboot the machine and possibly also the network router you are using and then it works, and yes you are sharing when connected initially to that network, but once on the VPN, tunneled into your network and secure again. Fingers X'd on the client coming out vs WinDoze client.
Pimiento
spicehead-hu3x0 Apr 14, 2020 at 06:09pm
The Dreytek VPN client works for the meraki, I hope Cisco comes out with their own soon.
Jalapeno
branchms Jan 21, 2021 at 10:04pm
I'm having nothing but trouble getting this to connect.
Using windows 10 and Meraki MX64.
Can you suggest a resolution?

Natureload543