- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Allow more modern VPN protocols on MX VPN Client configuration
Hi,
We've been using Meraki over 6 or more years, things are changing, but not VPN Client configuration on Meraki MX appliances...
Unfortunately it's PAIN to use it, because:
- From Android 12 or 13 - there's no official method of configuring IPSec/L2TP (only IPSec/IKEv2 variants).
- Next thing - configuring VPN access on Windows machines via GPO is really a pain in the a**, because you CANNOT do it via CMAK (old Connection Management Administration Kit) - you still have to do some manual work (reconfiguring on each endpoint).
Currently we're using some GPO, that runs Powershell script, to install computer-wide VPN connection (the new Windows 10 native style VPN connection), but there's preshared VPN key as a cleartext, which is not safe...
Additionally we're messing with %programdata%\Microsoft\Network\Connections\Pbk\rasphone.pbk file directly. So when I want to add another VPN connection manually on some endpoint, it doesn't work, because client profile is using different rasphone.pbk (in different location such as: <USER_PROFILE>\AppData\Roaming\Microsoft\Network\Connections\Pbk\rasphone.pbk)
- Labels:
-
Client VPN
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
You can use Anyconnect as a client VPN.
https://documentation.meraki.com/MX/Client_VPN/AnyConnect_on_the_MX_Appliance
Please, if this post was useful, leave your kudos and mark it as solved.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
It's not a solution, since it need paid licenses for anyconnect.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Well, With any other vendor you need to pay for licenses to use a more robust VPN client, but if you don't want to pay, check out this other VPN client.
https://www.draytek.com/products/smart-vpn-client/
Please, if this post was useful, leave your kudos and mark it as solved.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I don't need any additional app like AnyConnect or OpenVPN or other_closed_solution.
Just want to use some "normal" IPSec configuration variant, that I can configure natively on each client regardless OS (Windows / macOS / Linux / Android etc).
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
So just "make a wish" for Meraki team, or buy the Anyconncet licenses and be happy. 🙂
Please, if this post was useful, leave your kudos and mark it as solved.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
A wish, that never comes true 😉
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Probably because everyone else just uses AnyConnect and is happy about a rock solid and powerful VPN.
And no, the PLUS (or Advantage license as it's called nowadays) is not that expensive.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
This is not uncommon for Meraki where a product is slowly phased out where there is a better option available - or a similar option already within the Cisco portfolio.
A few examples are:
- No longer supporting USB 4G dongles with the release of the MG21 and MG41 products.
- Stopping development on SSL decryption on the MX with the integration of Cisco Umbrella which can do cloud based SSL decryption.
In this case, Anyconnect is a far superior product with better stability, features and functionality. Since it has MX integration (and has done for a little while now), the Meraki VPN is more-or-less being left behind in terms of its functionality.
If I were you, I'd begin looking at Anyconnect, or another VPN option rather than trying to stick with the Meraki native VPN.