VMX + SAML + Client VPN + Site to Site

podgerama
New here

VMX + SAML + Client VPN + Site to Site

I'm trying to find out if the following is possible.

 

We want an Azure hosted VMX to make a site to site IPSEC tunnel to an application provider. easy so far

 

We also want the VMX to terminate Client VPN's using SAML with Entra ID as an identity provider and utilise Microsoft Authenticator to MFA the connections.

 

What we are trying to achieve is for remote workers to VPN to the vMX, authorise it with Microsoft Authenticator, and once connected be able to route traffic through the site to site IPSEC tunnel to get to the secure app.

 

Is this feasible? thanks for reading!

1 Reply 1
bryona
Meraki Employee
Meraki Employee

Hi podgerama,

 

You can use SAML for authentication on AnyConnect natively on an MX, though if the option is not listed I would contact support to enable that for you.

 

For traditional client VPN, you'll need to lean on your RADIUS server to interface with SAML.

Get notified when there are additional replies to this discussion.