Meraki

Community

vMX client VPN with Umbrella client

Juraj7
Here to help
‎Mar 12 2023 5:21 PM
‎Mar 12 2023 5:21 PM

vMX client VPN with Umbrella client

Hi all,

 

I'm new here so hopefully this is the correct place to post.

 

Got vMX in AWS and I can connect to it from a PC without Umbrella client without any issues (we aren't using AnyConnect).

 

With Umbrella client however I never get prompted for credentials. I spoke with Umbrella support, they suggested making few changes but none helped. 

 

Was anyone successful in making it work or does Cisco just require AnyConnect licensing?

 

thanks

Labels:
0 Kudos
7 Replies 7
alemabrahao
Kind of a big deal
Kind of a big deal
‎Mar 12 2023 6:05 PM
‎Mar 12 2023 6:05 PM

How does AnyConnect licensing work with the Meraki MX/vMX appliance?

Customers are expected to have a valid AnyConnect license to use AnyConnect with the MX Appliance. Customers are not required to validate their licenses via the Meraki MX or the dashboard. Customers will only be required to accept terms and conditions of use before they can enable AnyConnect. If you are already using AnyConnect or setting it up for the first time, there will be a dashboard notification to accept the terms and conditions of use. There will be no disruption of the AnyConnect service for active networks.

 

Check the documentation about integration with umbrella.

 

https://documentation.meraki.com/General_Administration/Cross-Platform_Content/Manually_Integrating_...

I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.
0 Kudos
Juraj7
Here to help
‎Mar 12 2023 6:41 PM
‎Mar 12 2023 6:41 PM

But I don't need AnyConnect if I'm just using Windows built-in VPN client

0 Kudos
In response to Juraj7
alemabrahao
Kind of a big deal
Kind of a big deal
‎Mar 12 2023 6:48 PM
‎Mar 12 2023 6:48 PM

Anyconnect is more powerful and stable than native Windows client.

I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.
0 Kudos
MyHomeNWLab
A model citizen
‎Mar 13 2023 1:53 AM
‎Mar 13 2023 1:53 AM

When using Umbrella Roaming Client, 127.0.0.1 is registered as the Windows DNS setting.

This specification may cause conflicts if DNS settings are changed by the VPN Client during the VPN connection.

It is recommended that you check to see whether your environment corresponds to the restrictions.

 

Umbrella Roaming Client (standalone): Compatibility Guide for Software and VPNs – Cisco Umbrella
https://support.umbrella.com/hc/en-us/articles/230561147-Umbrella-Roaming-Client-VPNs-and-VPN-Compat...

> The Umbrella roaming client binds to all network adapters and changes DNS settings on the computer to 127.0.0.1 (localhost). This allows the Umbrella roaming client to forward all DNS queries directly to Umbrella while allowing resolution of local domains through the Internal Domains feature.

 

> *The Umbrella roaming client is partially incompatible with VPN clients which monitor and force local DNS settings to remain the VPN-set values;

Frank-NL
Getting noticed
‎Mar 13 2023 5:59 AM
‎Mar 13 2023 5:59 AM

Hi, did you try to configure the remote host in the windows vpn config based on the external IP of the VMX (instead of the dynamic hostname)

0 Kudos
In response to Frank-NL
Frank-NL
Getting noticed
‎Mar 13 2023 6:01 AM
‎Mar 13 2023 6:01 AM

The roaming client is only interfering with DNS and web traffic (if using the smart proxy)  so it’s probably because something is not resolving correctly or there is a conflict (post above from myhomenwlab)

0 Kudos
PhilipDAth
Kind of a big deal
Kind of a big deal
‎Mar 13 2023 11:06 AM
‎Mar 13 2023 11:06 AM

In Umbrella, try and define the DNS name that the client is connecting to as a local domain (so it doesn't pass through Umbrella).

Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
© 2024 Cisco Systems, Inc.