Meraki Community

MeauxDawg

Is there a way to authenticate VPN users again Entra with out using third party or additional apps or servers.

From what I understand I would have to set up a radius server or third party to use radius. I would have to use something like anyconnect or a third party to us SAML.

I have seen sort of hints or people saying you can set up SAML without any additional cost or software. I am not finding a definitive answer on this. Can an MX series with VPN server that is connected to by the windows native VPN client be authenticated to Entra. If so can someone point me to the documentation.

Mloraditch

You can not currently use Entra with the native VPN Client as an authentication source directly. The options are Radius or On-Prem AD.

You can do it with AnyConnect as here: https://documentation.meraki.com/MX/Client_VPN/AnyConnect_on_the_MX_Appliance/AnyConnect_Azure_AD_SA...

I would not anticipate any development to let you use the older VPN with Entra directly. Between RADIUS and AnyConnect there are plenty of solutions that will work already.

MeauxDawg

Any of those solutions available without extra subscriptions? We got bought, moved from on prem AD to Entra and from cisco to meraki. I am just trying to figure out how to make this stuff work. I have already read the anyconnect documentation. Thanks.

PhilipDAth

It requires you to buy Cisco AnyConnect licences. I think they are well priced for what you get ...

GreenMan

As Mloraditch has suggested; you'll have a much better experience via AnyConnect (or Cisco Secure Client as it's now known). SAML auth being just one of the advantages.

MeauxDawg

There are no solutions that doesn't require extra subscriptions? Does something like the meraki dashboard application in Entra but for VPNs not exist? I'm guessing not, but was hopeful. Thanks.

Meraki Community

VPN Authentication

VPN Authentication