Allow more modern VPN protocols on MX VPN Client configuration

DWma
New here


Hi,

We've been using Meraki for 6 or more years; things are changing, but not the VPN Client configuration on Meraki MX appliances...

 

Unfortunately it's a PAIN to use it, because:

  1. From Android 12 or 13 - there's no official method of configuring IPSec/L2TP (only IPSec/IKEv2 variants).
  2. Next thing - configuring VPN access on Windows machines via GPO is really a pain in the a**, because you CANNOT do it via CMAK (old Connection Management Administration Kit) - you still have to do some manual work (reconfiguring on each endpoint).

    Currently we're using a GPO that runs a PowerShell script to install a computer-wide VPN connection (the new Windows 10 native style VPN connection), but the preshared VPN key is there in cleartext, which is not safe...
    Additionally, we're messing with the %programdata%\Microsoft\Network\Connections\Pbk\rasphone.pbk file directly. So when I want to add another VPN connection manually on some endpoint, it doesn't work, because the client profile is using a different rasphone.pbk (in a different location, such as: <USER_PROFILE>\AppData\Roaming\Microsoft\Network\Connections\Pbk\rasphone.pbk).
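
The cleartext preshared key described in the post above is something an administrator can audit for in deployment scripts. The following is an added example, not part of the original post: it assumes the script passes the key through the `-L2tpPsk` parameter of `Add-VpnConnection` or `Set-VpnConnection`, and the sample script, server name and key are constructed.

```python
import re
from pathlib import Path

# -L2tpPsk followed by its argument: quoted string, $variable,
# (expression) or bare word. PowerShell parameters are case-insensitive.
PSK_PARAM = re.compile(
    r"""-L2tpPsk[\s:]+(?P<arg>"[^"]*"|'[^']*'|\$[\w:.]+|\([^)]*\)|[^\s;|]+)""",
    re.IGNORECASE,
)

def is_literal(arg):
    """True when the key itself is typed into the script."""
    if arg.startswith(("$", "(")):
        return False
    # A double-quoted string that expands a variable is not a literal key.
    return not (arg.startswith('"') and "$" in arg)

def scan_text(text, source="<memory>"):
    """Return (source, line number, redacted line) for each literal key."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        if line.lstrip().startswith("#"):      # skip comment lines
            continue
        for m in PSK_PARAM.finditer(line):
            if is_literal(m.group("arg")):
                shown = line[:m.start("arg")] + "<REDACTED>" + line[m.end("arg"):]
                findings.append((source, lineno, shown.strip()))
    return findings

def scan_tree(root):
    """Scan every script under root (e.g. a copy of the GPO scripts folder)."""
    findings = []
    for path in Path(root).rglob("*"):
        if path.is_file() and path.suffix.lower() in {".ps1", ".psm1", ".cmd", ".bat"}:
            raw = path.read_bytes()
            # PowerShell scripts are often saved as UTF-16 with a BOM.
            enc = "utf-16" if raw[:2] in (b"\xff\xfe", b"\xfe\xff") else "utf-8"
            findings += scan_text(raw.decode(enc, errors="replace"), str(path))
    return findings

# Constructed sample script: server name and key are made up.
SAMPLE = r'''
# GPO startup script (constructed)
Add-VpnConnection -Name "Office" -ServerAddress "vpn.example.com" `
    -TunnelType L2tp -L2tpPsk "CONSTRUCTED-psk-123" -AllUserConnection -Force
Set-VpnConnection -Name "Office" -L2tpPsk $psk -AllUserConnection -Force
'''

if __name__ == "__main__":
    for src, lineno, shown in scan_text(SAMPLE, "sample.ps1"):
        print(f"{src}:{lineno}: cleartext L2TP PSK: {shown}")
```

The scanner reports the file and line but prints the key redacted, so its own output does not become another cleartext copy.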
8 REPLIES
alemabrahao
Kind of a big deal

You can use AnyConnect as a client VPN.

 

https://documentation.meraki.com/MX/Client_VPN/AnyConnect_on_the_MX_Appliance

I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.

It's not a solution, since it needs paid licenses for AnyConnect.

alemabrahao
Kind of a big deal

Well, with any other vendor you need to pay for licenses to use a more robust VPN client, but if you don't want to pay, check out this other VPN client.

 

https://www.draytek.com/products/smart-vpn-client/


I don't need any additional app like AnyConnect or OpenVPN or other_closed_solution.

Just want to use some "normal" IPSec configuration variant that I can configure natively on each client regardless of OS (Windows / macOS / Linux / Android etc).

alemabrahao
Kind of a big deal

So just "make a wish" for the Meraki team, or buy the AnyConnect licenses and be happy. 🙂

 

https://documentation.meraki.com/MX/Client_VPN/AnyConnect_on_the_MX_Appliance/AnyConnect_Licensing_o...


A wish, that never comes true 😉

 

KarstenI
Kind of a big deal

Probably because everyone else just uses AnyConnect and is happy about a rock solid and powerful VPN.

And no, the PLUS (or Advantage license as it's called nowadays) is not that expensive.

Brash
Kind of a big deal

This is not uncommon for Meraki where a product is slowly phased out where there is a better option available - or a similar option already within the Cisco portfolio.
A few examples are:

 - No longer supporting USB 4G dongles with the release of the MG21 and MG41 products.

 - Stopping development on SSL decryption on the MX with the integration of Cisco Umbrella, which can do cloud-based SSL decryption.

In this case, AnyConnect is a far superior product with better stability, features and functionality. Since it has MX integration (and has done for a little while now), the Meraki VPN is more-or-less being left behind in terms of its functionality.

If I were you, I'd begin looking at AnyConnect, or another VPN option, rather than trying to stick with the Meraki native VPN.
