Hello,
I use Active Directory authentication for VPN access on my MX64.
It works fine, and users can authenticate.
I would like to restrict the VPN access to an OU or a group of users.
Is it possible?
Solved! Go to solution.
You can use an existing server, like an AD server, and just add the role to it.
BUT it might be quite a steep learning curve. It would be worthwhile getting someone to help.
Otherwise, this guide explains how to do it.
https://documentation.meraki.com/MX/Client_VPN/Configuring_RADIUS_Authentication_with_Client_VPN
You would need to change to using RADIUS and use the Microsoft NPS RADIUS server.
Typically you restrict access to a group rather than an OU (never tried an OU - so not sure about that specific case).
@PhilipDAth I have no experience with radius. Can I create on an existing server, or do I need a dedicated one?
You can use an existing server, like an AD server, and just add the role to it.
BUT it might be quite a steep learning curve. It would be worthwhile getting someone to help.
Otherwise, this guide explains how to do it.
https://documentation.meraki.com/MX/Client_VPN/Configuring_RADIUS_Authentication_with_Client_VPN
@PhilipDAth I've created the Radius server and selected the appropriate group. It works like a charm.
Thank you for your help.
Well done!
Some additional benefits you'll gain: