Meraki

Community

Systems Manager VPN Settings

DCHGIT
Comes here often
‎Dec 12 2023 1:54 PM
‎Dec 12 2023 1:54 PM

Systems Manager VPN Settings

Hello Everyone,

 

I am trying to configure a VPN payload for iOS in Systems Manager but I cannot get it working for our VPN client. I believe I'm getting hung up on the Local vs. Remote identifiers. I am assuming the Local identifier is the app ID but what is the Remote identifier?

 

Other MDM's I've worked with allowed for a Connection Type of "Custom" and would ask for an Identifier and/or app bundle ID. I'm just guessing on using IKEv2 here and I'm not sure if the IDs match what Systems Manager is looking for.

 

Labels:
0 Kudos
2 Replies 2
alemabrahao
Kind of a big deal
Kind of a big deal
‎Dec 12 2023 4:03 PM
‎Dec 12 2023 4:03 PM

When configuring a VPN payload for iOS in Cisco Meraki’s Systems Manager, the Local Identifier is typically the identifier for your client or device, which could be an app ID, a user principal name (UPN), or an email address. The Remote Identifier is used to identify the VPN server or the remote end of the VPN connection. It’s often set to the server’s domain name or IP address.

 

For IKEv2 VPN connections, the Local Identifier can be the user’s email address or another unique identifier, and the Remote Identifier would be the VPN server’s address. If you’re using a custom VPN client, the app bundle ID might be used as part of the VPN configuration, but it’s not typically the Local Identifier.

 

In Systems Manager, if you’re setting up a manual VPN configuration, you’ll have the option to specify these identifiers. If you’re using Sentry VPN, which automates the VPN setup process, the identifiers may be managed automatically based on the settings of the MX Security Appliance or VM Concentrator in your Dashboard organization.

 

If you’re unsure about the correct identifiers to use, it’s best to consult with your VPN service provider or network administrator to ensure that the identifiers match the VPN server’s configuration. Additionally, you can refer to the Systems Manager VPN Configurations and Sentry VPN documentation for more detailed instructions on setting up VPN payloads in Systems Manager.

 

Systems Manager VPN Configurations and Sentry VPN - Cisco Meraki

 

Systems Manager Logging and Troubleshooting - Cisco Meraki

I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.
0 Kudos
PaulF
Meraki Employee
Meraki Employee
‎Dec 13 2023 8:54 AM
‎Dec 13 2023 8:54 AM

meraki currently doesn't have support for 3rd party VPN providers custom attributes other than Cisco Anyconnect

 

The only resolution currently would be to create your VPN config inside Apple Configurator and upload that to SM using the custom mobile config capability:

 

Screenshot 2023-12-13 at 16.43.55.png

 

Whilst you'd still be able to us a static cert for Clint auth, you'd lose the ability to use a unique cert per device capability of SM

 

Details:

 

 

 

Screenshot 2023-12-13 at 16.44.46.png

 

0 Kudos
Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels
© 2024 Cisco Systems, Inc.