Good Day -
Any status on when we expect to have full cisco anyconnect vpn support for the MX appliances? Thank you in advance been asking for 3 years now.
Solved! Go to solution.
I hate to be a buzzkill, @DillonofAnch17 but the sales reps have been saying "in the next 6 months" for the last couple of years. It's for reasons beyond their control, but I wouldn't get excited about AnyConnect support until you can start applying AnyConnect licenses to MX devices.
Thanks for your patience. There is no update on the status and MX is still not supporting Cisco Anyconnect VPN at this time. However, Meraki is making exciting changes on a new beta firmware - 15.x. Please check back with Support periodically for a new feature.
Sunny Joo
Where can we read more about new feature of the 15.x firmware?
@lbouchard I usually check these from dashboard: Organization -> Firmware upgrades. Running beta enabled org.
how much longer is 15 going to be in beta? I've been hearing about "the wonderful advancements in firmware 15" for about 6 months.
@NFL0NRfirmware stays in beta until I think ~10% of users install it, with 15.x incrementing rapidly this will take some time! We run 15.x on our production SDWAN but even with fairly regular updating we have some devices on 15.14, some on 15.15 and some on 15.16 so we aren't contributing much to the % of any of them...
@SLR While at Cisco Live last month I spoke with a few different Meraki employees who have spoken that the MX's will support Anyconnect eventually and it's more of a when and not if. This would be huge if it's going to be available on Beta. I will be watching closer now!
I hate to be a buzzkill, @DillonofAnch17 but the sales reps have been saying "in the next 6 months" for the last couple of years. It's for reasons beyond their control, but I wouldn't get excited about AnyConnect support until you can start applying AnyConnect licenses to MX devices.
I second this...
Any update regarding the AnyConnect support? I really need this!
I am going to bounce this up again!
anyone got any news?
I got an email that is actively in development. They think they will have a beta to announce very soon.
I will believe it when I see it.
they have been saying this for years.
It's the best news of this decade!
Seeing is believing
In the era of Trump and fake news, who can believe this anymore?
I believe you´ve managed to get some attention and into the closed beta group. Good luck, please post reply here if you hear something. Thanks
I need in on any beta testing group for anyconnect support as we have been waiting forever since we first installed the devices into our org.
I'm currently on a Cisco training and I got it approved again.
Anyconnect for Meraki is more or less already finished is is getting implemented into the beta now.
Wow, finally, this will be GREAT!!!
Was told today same thing. I am getting an additional MX through SHI and my account manager was going back and forth with his Meraki point of contact. Then I remembered this thread so I asked him about AnyConnect. He came back and said that he was told AnyConnect is in beta and release should be late spring. Exciting news to say the least.
So the real question is: has anyone taken a 4K picture of Big Foot yet?
You know, I really hope we can hear from some of the beta testers.
I need to know if this will let me create multiple VPN user groups and specify split tunnel easily or not. Like, is it AnyConnect AnyConnect? Or is it AnyConnect as an SSL VPN client, but no real changes otherwise?
I'd bet on it being the latter option...
@cmr wrote:I'd bet on it being the latter option...
Which is cool. I love dumping all of an end user's traffic out through my client's 10/1 Mbps DSL pipe when they're working from home and streaming music or Youtube.
MX250/450 and MX67/68 are the testing platforms on closed beta.
@Roska what firmware version is needed, or is that not relevant?
EDIT: closed beta FW push. Unfortunately not aware of the FW version required.
The version has to be pushed to your device, and the only way that happens is if you get into the closed beta.
Once enabled by support in the closed beta, is it a all or nothing type of feature or an additional option and you can have mix and match versions of VPN client configs (meraki cloud, AD, Radius, etc)? (apologies in advance if I didn't use the proper terminology).
>I need to know if this will let me create multiple VPN user groups and specify split tunnel easily or not.
It's sad that such an expensive device can't do basic functionality. I can throw something like Untangle on some random hardware for free and do that with a single click.
Picture of Big Foot
AnyConnect is still in development. @RufTech I love the teaser. I will update this thread when AnyConnect on the MX is available for wider beta testing!
As the name implies... I would assume it is Cisco AnyConnect. Not connect "any" VPN client support.
Any update on the beta becoming more widely available? I assume it will be a similar manner to how Cisco FTDs support AnyConnect and you will have to just drop the policy .xml into the portal?
It's June, wondering if you have heard anything.
I contacted my VAR to see if he's heard anything from his rep at Cisco. They told him that it will only be available to the MX250/450 and MX67/68. He also they said it would go Public Beta Q1 FY21 (August of this year).
This can't be limited to just those models. That's crazy. Say it ain't so.
I'm guessing the MX64, MX84 and MX100 might be about to be replaced then...?
I'm not talking just beta. My fear is they will roll this out to only those models. Can a Cisco Meraki employee confirm?
My Meraki rep confirmed that this does not apply to the MX-100. I'll be looking for an alternative appliance solution.
Did you find a solution?
Thank you
Love the crickets....
AC support will be on all current MX HW models. Learned it on last weeks Ask me anything session
In your statement of "all current models", does that include the MX84?
I believe so yes, but @Bsalami is probably the correct person to confirm. ask me anything session a few weeks back got a suggested timeline for public beta so the train keeps moving on which is obviously a good thing.
@Bsalami Is there any news on the MX client? Everyone working from home and we want to force the corp/vpn connection. I had to develop a powershell script to auto vpn users.
No update from my Meraki rep. Utterly ridiculous that it has taken this long, assuming they are doing anything. At this point, I am looking at moving as much as possible to the cloud to not only eliminate the need for VPN but to be able to completely ditch the 20 Meraki devices once my 3 years is up in 2021.
I am not a big fan of open source, especially with security stuff. I did try this vpn client from draytek and was able to connect just fine. Connection seemed to be stable for the 4-6 hours I used it. Also not thrilled with the connection saying "Connected to Vigor" - that sounds a little scary to users. Maybe it is completely safe and there is a way to change the connection info? I just don't have the time to spend on it.
Hope everyone is doing well. We will be starting a new round of BETA testing soon. I will update this thread with details. I know the anticipation is real, just know that we can't wait to get BETA started! More details to come.
This post was sent over my AnyConnect session on an MX100. So the MX100 and MX84 will support AnyConnect. We got you too!.
The MX84 and MX100 use Intel CPU's where the smaller MX firewalls use ARM cores. Does this mean Anyconnect isn't supported on the ARM CPU devices?
@Bsalami Is there anything being discussed about Anyconnect for vMX? We bought the license but we are avoiding using it as SSLVpn isn't supported.
This post was sent over my AnyConnect session on an MX100. So the MX100 and MX84 will support AnyConnect. We got you too!.
This is good news. I'd be happy with an MX84 replacement but will be glad to use AnyConnect on my existing device. Should we contact our rep if we want to be included with this next beta phase?
is there any plans to support AnyConnect also in vMX100 models? I think support is important since many customers have no services onPrem, but instead all services are located in "private cloud" inside public cloud like Azure.
Some Meraki customers which I know, needed to learn/deploy vASA to enable AnyConnect SSL VPN for employees with Azure AD authentication (2MFA enabled).
@MikaVuokko a bit of topic for this threat but Meraki just announced a rebranding on VMX100 which is going to be called medium. LIC-VMX-M and the duration for this after they update global price list. The reason for this being that they´ll introduce small and large versions for the VMX family later on this year.
We have an MX84 and would be happy to run any beta testing if we can be included in the next phase.
Any updates yet?
No word yet from my Meraki rep.
We would definitely be interested in it, as I'm currently using an ISR to service AnyConnect clients and landing them on the MX84 would be a heck of a lot better.
Will MX64 & MX65 also support AnyConnect VPN? Meraki has a current Remote Worker promotion on the entire MX family. Not much of a remote worker/VPN solution when/if the MX64 doesn't support AnyConnect when the firmware finally (if Meraki ever get their act together) goes GA is it? If it was never intended to be available for certain MX models then Meraki should have mentioned so on spec sheets and/or roadmaps so partners would have known to not be selling MX64 or MX65 with the expectation it would support AnyConnect at some point.
@JPAWELCHAK isn't that promotion focussing on hardware clients for remote workers, i.e. z3 and small MXs or am I misunderstanding?
@cmr No, the Remote Worker incentive/promotion applies to the entire MX family promoting it as a remote worker solution which would obviously include client VPN on the MX64 for a small office. Not much of a remote worker solution for end-customers wanting reliable client VPN option using AnyConnect on an MX64 device that hasn't even reached end-of-sale yet because Meraki isn't giving any clarity on what MX devices will support AnyConnect when/if the firmware ever goes GA. If the intent was never to support the MX64 which has yet to reach end-of-sale then they should have been upfront on that rather important detail.
It's frustrating that Meraki can't communicate effectively on this topic especially since they have put the word out there AnyConnect is coming. That said, if it was never intended for the MX64 they should have said so so we didn't sell the devices with the expectation AnyConnect support would be coming.
@JPAWELCHAK I agree that some clarity of a product already in closed beta would be good. It seems that MX84 and above will support AnyConnect at some point (MX16?) but if the MX6x devices will not be included, that would be better to state now, not wait until it comes out as a footnote of a product release.
@cmr Exactly!
FYI: My understanding is MX67/68 are supporting AnyConnect on the Closed Beta (unless that has changed without my knowledge) but why not the MX64 without any indication either way when the firmware goes GA from Cisco Meraki.
Honestly, I'm starting to muse that Meraki Community staff are perfectly happy to let important questions go unanswered. Nobody from Meraki appears to rush to answer anything in any sort of useful detail on this and/or many other fronts. All it takes is someone to say "MX64 is not currently supported on the AnyConnect beta but will be supported when support goes GA" OR "MX64 is not currently supported on the AnyConnect beta and will not be supported when support goes GA". iIf the latter, however, they had better have a good reason why the community was not made aware of this considering the device has not had an end-of-support date let alone an end-of-sale date announced.