AnyConnect VPN support for MX devices

SOLVED
SLR
Building a reputation

Good Day -

Any status on when we expect to have full Cisco AnyConnect VPN support for the MX appliances? Thank you in advance, been asking for 3 years now.

1 ACCEPTED SOLUTION
Nash
Kind of a big deal

I hate to be a buzzkill, @DillonofAnch17 but the sales reps have been saying "in the next 6 months" for the last couple of years. It's for reasons beyond their control, but I wouldn't get excited about AnyConnect support until you can start applying AnyConnect licenses to MX devices.

112 REPLIES
SunnyJ
Meraki Alumni (Retired)

Thanks for your patience. There is no update on the status and MX is still not supporting Cisco AnyConnect VPN at this time. However, Meraki is making exciting changes on a new beta firmware - 15.x. Please check back with Support periodically for a new feature.

 

Thanks,

Sunny Joo

lbouchard
Conversationalist

Where can we read more about new feature of the 15.x firmware?

@lbouchard I usually check these from dashboard: Organization -> Firmware upgrades. Running beta enabled org.

NFL0NR
Getting noticed

How much longer is 15 going to be in beta? I've been hearing about "the wonderful advancements in firmware 15" for about 6 months.

cmr
Kind of a big deal

@NFL0NR firmware stays in beta until I think ~10% of users install it, with 15.x incrementing rapidly this will take some time! We run 15.x on our production SDWAN but even with fairly regular updating we have some devices on 15.14, some on 15.15 and some on 15.16 so we aren't contributing much to the % of any of them...

DillonofAnch17
Getting noticed

@SLR While at Cisco Live last month I spoke with a few different Meraki employees who said that the MXs will support AnyConnect eventually and it's more of a when and not if. This would be huge if it's going to be available on Beta. I will be watching closer now!

That'd be fantastic news indeed!

Nash
Kind of a big deal

I hate to be a buzzkill, @DillonofAnch17 but the sales reps have been saying "in the next 6 months" for the last couple of years. It's for reasons beyond their control, but I wouldn't get excited about AnyConnect support until you can start applying AnyConnect licenses to MX devices.

SLR
Building a reputation

I second this...

Arnout
Conversationalist

Any update regarding the AnyConnect support? I really need this!

Rebry
Here to help

I am going to bounce this up again!

Anyone got any news?

SLR
Building a reputation

I got an email that it is actively in development. They think they will have a beta to announce very soon.

I will believe it when I see it.

They have been saying this for years.

dadinh
Here to help

Our sales rep just confirmed it going live in May this year!

Woohoo!

It's the best news of this decade!

Roska
A model citizen

Seeing is believing

lbouchard
Conversationalist

In the era of Trump and fake news, who can believe this anymore?

Well true, but I like to believe in the good in people.
Since we also asked about this feature about 2 months ago, with the answer "no date", and now Meraki proactively informed us about this, there is maybe more to it than normally.

Roska
A model citizen

I believe you've managed to get some attention and into the closed beta group. Good luck, please post a reply here if you hear something. Thanks

SLR
Building a reputation

I need in on any beta testing group for AnyConnect support as we have been waiting forever since we first installed the devices into our org.

dadinh
Here to help

I'm currently on a Cisco training and I got it approved again.
AnyConnect for Meraki is more or less already finished and is getting implemented into the beta now.

Wow, finally, this will be GREAT!!!

Was told today same thing. I am getting an additional MX through SHI and my account manager was going back and forth with his Meraki point of contact. Then I remembered this thread so I asked him about AnyConnect. He came back and said that he was told AnyConnect is in beta and release should be late spring. Exciting news to say the least.

 

So the real question is: has anyone taken a 4K picture of Big Foot yet?

Nash
Kind of a big deal

You know, I really hope we can hear from some of the beta testers.

 

I need to know if this will let me create multiple VPN user groups and specify split tunnel easily or not. Like, is it AnyConnect AnyConnect? Or is it AnyConnect as an SSL VPN client, but no real changes otherwise?

cmr
Kind of a big deal

I'd bet on it being the latter option...

Nash
Kind of a big deal


@cmr wrote:

> I'd bet on it being the latter option...

Which is cool. I love dumping all of an end user's traffic out through my client's 10/1 Mbps DSL pipe when they're working from home and streaming music or Youtube.

In which firmware version will it be supported? I'm going to upgrade to 15.27 MX version but it still doesn't seem to be mentioned... any news about it?

MX250/450 and MX67/68 are the testing platforms on closed beta.

cmr
Kind of a big deal

@Roska what firmware version is needed, or is that not relevant?

Roska
A model citizen

EDIT: closed beta FW push. Unfortunately not aware of the FW version required.

NFL0NR
Getting noticed

The version has to be pushed to your device, and the only way that happens is if you get into the closed beta.

Once enabled by support in the closed beta, is it an all-or-nothing type of feature or an additional option where you can mix and match versions of VPN client configs (Meraki cloud, AD, RADIUS, etc.)? (Apologies in advance if I didn't use the proper terminology.)

>I need to know if this will let me create multiple VPN user groups and specify split tunnel easily or not.

 

It's sad that such an expensive device can't do basic functionality. I can throw something like Untangle on some random hardware for free and do that with a single click.

RufTech
Conversationalist

Picture of Big Foot

[Screenshot attachment: anyconnect.PNG]

Roska
A model citizen

@RufTech and it works? 🙂

Bsalami
Meraki Employee

AnyConnect is still in development. @RufTech I love the teaser. I will update this thread when AnyConnect on the MX is available for wider beta testing!

cmr
Kind of a big deal

@Bsalami can you please confirm whether it is simply a proprietary client or allows more flexibility for the actual client VPN function? From the screenshot posted by @RufTech I am hoping the latter...

routerjockey
Conversationalist

As the name implies... I would assume it is Cisco AnyConnect. Not connect "any" VPN client support.

 

Any update on the beta becoming more widely available? I assume it will be a similar manner to how Cisco FTDs support AnyConnect and you will have to just drop the policy .xml into the portal?

It's June, wondering if you have heard anything.

No updates from my rep.
Duke_Nukem
Getting noticed

I contacted my VAR to see if he's heard anything from his rep at Cisco. They told him that it will only be available to the MX250/450 and MX67/68. He also said it would go Public Beta Q1 FY21 (August of this year).

 

This can't be limited to just those models.  That's crazy.  Say it ain't so.

cmr
Kind of a big deal

I'm guessing the MX64, MX84 and MX100 might be about to be replaced then...?

@Duke_Nukem   Those models are correct. You gotta do beta with some platforms.

I'm not talking just beta.  My fear is they will roll this out to only those models.  Can a Cisco Meraki employee confirm?

My Meraki rep confirmed that this does not apply to the MX-100.  I'll be looking for an alternative appliance solution.

Hello,
Did you find a solution?
Thank you

Love the crickets....

AC support will be on all current MX HW models. Learned it on last week's Ask Me Anything session.

In your statement of "all current models", does that include the MX84?

 

Thanks

I believe so yes, but @Bsalami is probably the correct person to confirm. ask me anything session a few weeks back got a suggested timeline for public beta so the train keeps moving on which is obviously a good thing.

AET-Tech
Comes here often

@Bsalami Is there any news on the MX client? Everyone working from home and we want to force the corp/vpn connection. I had to develop a powershell script to auto vpn users.

No update from my Meraki rep.  Utterly ridiculous that it has taken this long, assuming they are doing anything.  At this point, I am looking at moving as much as possible to the cloud to not only eliminate the need for VPN but to be able to completely ditch the 20 Meraki devices once my 3 years is up in 2021.  

 

I am not a big fan of open source, especially with security stuff.  I did try this vpn client from draytek and was able to connect just fine.  Connection seemed to be stable for the 4-6 hours I used it.  Also not thrilled with the connection saying "Connected to Vigor"  - that sounds a little scary to users.  Maybe it is completely safe and there is a way to change the connection info?  I just don't have the time to spend on it. 

 

https://www.draytek.com/products/smart-vpn-client/

Hello,

 

Hope everyone is doing well. We will be starting a new round of BETA testing soon. I will update this thread with details. I know the anticipation is real, just know that we can't wait to get BETA started! More details to come. 

 

This post was sent over my AnyConnect session on an MX100. So the MX100 and MX84 will support AnyConnect. We got you too!

Owen
Getting noticed

The MX84 and MX100 use Intel CPUs where the smaller MX firewalls use ARM cores. Does this mean AnyConnect isn't supported on the ARM CPU devices?

@Bsalami Is there anything being discussed about Anyconnect for vMX? We bought the license but we are avoiding using it as SSLVpn isn't supported. 


> This post was sent over my AnyConnect session on an MX100. So the MX100 and MX84 will support AnyConnect. We got you too!

This is good news.  I'd be happy with an MX84 replacement but will be glad to use AnyConnect on my existing device.  Should we contact our rep if we want to be included with this next beta phase?

Hi,

Are there any plans to support AnyConnect also in vMX100 models? I think support is important since many customers have no services onPrem, but instead all services are located in "private cloud" inside public cloud like Azure.

 

Some Meraki customers whom I know needed to learn/deploy vASA to enable AnyConnect SSL VPN for employees with Azure AD authentication (2MFA enabled).

@MikaVuokko a bit off topic for this thread but Meraki just announced a rebranding on VMX100 which is going to be called medium. LIC-VMX-M and the duration for this after they update global price list. The reason for this being that they'll introduce small and large versions for the VMX family later on this year.

AnythingHosted
Building a reputation

We have an MX84 and would be happy to run any beta testing if we can be included in the next phase. 

Any updates yet?

No word yet from my Meraki rep.

OVERKILL
Building a reputation

We would definitely be interested in it, as I'm currently using an ISR to service AnyConnect clients and landing them on the MX84 would be a heck of a lot better. 

Will MX64 & MX65 also support AnyConnect VPN? Meraki has a current Remote Worker promotion on the entire MX family. Not much of a remote worker/VPN solution when/if the MX64 doesn't support AnyConnect when the firmware finally (if Meraki ever get their act together) goes GA is it? If it was never intended to be available for certain MX models then Meraki should have mentioned so on spec sheets and/or roadmaps so partners would have known to not be selling MX64 or MX65 with the expectation it would support AnyConnect at some point.

Cohort Networks Inc.
Your Business. Connected.
cmr
Kind of a big deal

@Cohort_Networks isn't that promotion focussing on hardware clients for remote workers, i.e. z3 and small MXs or am I misunderstanding?

@cmr No, the Remote Worker incentive/promotion applies to the entire MX family promoting it as a remote worker solution which would obviously include client VPN on the MX64 for a small office. Not much of a remote worker solution for end-customers wanting reliable client VPN option using AnyConnect on an MX64 device that hasn't even reached end-of-sale yet because Meraki isn't giving any clarity on what MX devices will support AnyConnect when/if the firmware ever goes GA. If the intent was never to support the MX64 which has yet to reach end-of-sale then they should have been upfront on that rather important detail.

 

It's frustrating that Meraki can't communicate effectively on this topic especially since they have put the word out there AnyConnect is coming. That said, if it was never intended for the MX64 they should have said so so we didn't sell the devices with the expectation AnyConnect support would be coming.

Cohort Networks Inc.
Your Business. Connected.
cmr
Kind of a big deal

@Cohort_Networks I agree that some clarity of a product already in closed beta would be good.  It seems that MX84 and above will support AnyConnect at some point (MX16?) but if the MX6x devices will not be included, that would be better to state now, not wait until it comes out as a footnote of a product release.

@cmr  Exactly!

 

FYI: My understanding is MX67/68 are supporting AnyConnect on the Closed Beta (unless that has changed without my knowledge) but why not the MX64 without any indication either way when the firmware goes GA from Cisco Meraki.

 

Honestly, I'm starting to muse that Meraki Community staff are perfectly happy to let important questions go unanswered. Nobody from Meraki appears to rush to answer anything in any sort of useful detail on this and/or many other fronts. All it takes is someone to say "MX64 is not currently supported on the AnyConnect beta but will be supported when support goes GA" OR "MX64 is not currently supported on the AnyConnect beta and will not be supported when support goes GA". If the latter, however, they had better have a good reason why the community was not made aware of this considering the device has not had an end-of-support date let alone an end-of-sale date announced.

Cohort Networks Inc.
Your Business. Connected.

Z3 is great, had one at home in a trial before we deploy to our directors. Really like it and it's in the office waiting to be deployed now, I've moved to an MX68 at home, only because we closed an office and it was going spare.

 

When all is said and done, I'll have 30-40 people working remotely.  Not going to invest any more money into additional Meraki solutions at this point.  

@Bsalami Is there an estimated date of release?

Have not heard anything from my Meraki rep.

We had an "exclusive" look at it 2 weeks back, since one of our customers desperately wanted to see it.

Also got the info, if you're a Meraki customer already, you can ask your sales rep to be included into the beta. Not a 100% chance of you getting into it though. Probably better chances if you have full stack and lots of Meraki stuff (and obv. a MX).

We keep hearing next FY for the open beta. (Which would be starting August)

My recommendation to everyone is to find a different VPN solution.  Meraki is just stringing everyone along and trying to get them to upgrade to more expensive equipment.  The "beta" story hasn't changed in 8 months, and the "release date" keeps getting pushed back.  Let's face it, Meraki (Cisco) already has the AnyConnect client in producti