Meraki

Community

VMX + SAML + Client VPN + Site to Site

podgerama
New here
‎Mar 6 2024 6:48 AM
‎Mar 6 2024 6:48 AM

VMX + SAML + Client VPN + Site to Site

I'm trying to find out if the following is possible.

 

We want an Azure hosted VMX to make a site to site IPSEC tunnel to an application provider. easy so far

 

We also want the VMX to terminate Client VPN's using SAML with Entra ID as an identity provider and utilise Microsoft Authenticator to MFA the connections.

 

What we are trying to achieve is for remote workers to VPN to the vMX, authorise it with Microsoft Authenticator, and once connected be able to route traffic through the site to site IPSEC tunnel to get to the secure app.

 

Is this feasible? thanks for reading!

0 Kudos
1 Reply 1
bryona
Meraki Employee
Meraki Employee
‎Mar 11 2024 8:21 AM
‎Mar 11 2024 8:21 AM

Hi podgerama,

 

You can use SAML for authentication on AnyConnect natively on an MX, though if the option is not listed I would contact support to enable that for you.

 

For traditional client VPN, you'll need to lean on your RADIUS server to interface with SAML.

0 Kudos
Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
© 2024 Cisco Systems, Inc.