Hi all,
I'm new here so hopefully this is the correct place to post.
Got vMX in AWS and I can connect to it from a PC without Umbrella client without any issues (we aren't using AnyConnect).
With Umbrella client however I never get prompted for credentials. I spoke with Umbrella support, they suggested making few changes but none helped.
Was anyone successful in making it work or does Cisco just require AnyConnect licensing?
thanks
Customers are expected to have a valid AnyConnect license to use AnyConnect with the MX Appliance. Customers are not required to validate their licenses via the Meraki MX or the dashboard. Customers will only be required to accept terms and conditions of use before they can enable AnyConnect. If you are already using AnyConnect or setting it up for the first time, there will be a dashboard notification to accept the terms and conditions of use. There will be no disruption of the AnyConnect service for active networks.
Check the documentation about integration with umbrella.
But I don't need AnyConnect if I'm just using Windows built-in VPN client
Anyconnect is more powerful and stable than native Windows client.
When using Umbrella Roaming Client, 127.0.0.1 is registered as the Windows DNS setting.
This specification may cause conflicts if DNS settings are changed by the VPN Client during the VPN connection.
It is recommended that you check to see whether your environment corresponds to the restrictions.
Umbrella Roaming Client (standalone): Compatibility Guide for Software and VPNs – Cisco Umbrella
https://support.umbrella.com/hc/en-us/articles/230561147-Umbrella-Roaming-Client-VPNs-and-VPN-Compat...
> The Umbrella roaming client binds to all network adapters and changes DNS settings on the computer to 127.0.0.1 (localhost). This allows the Umbrella roaming client to forward all DNS queries directly to Umbrella while allowing resolution of local domains through the Internal Domains feature.
> *The Umbrella roaming client is partially incompatible with VPN clients which monitor and force local DNS settings to remain the VPN-set values;
Hi, did you try to configure the remote host in the windows vpn config based on the external IP of the VMX (instead of the dynamic hostname)
The roaming client is only interfering with DNS and web traffic (if using the smart proxy) so it’s probably because something is not resolving correctly or there is a conflict (post above from myhomenwlab)
In Umbrella, try and define the DNS name that the client is connecting to as a local domain (so it doesn't pass through Umbrella).