AnyConnect VPN client

reditguy
Here to help

Hi, is there any update on the AnyConnect client support on the MX64s?

https://documentation.meraki.com/MX/AnyConnect_on_the_MX_Appliance

What is the experience like on models that currently support it? Is it seamless for the user? Can they just go to vpn.domain.com or something, enter their credentials and MFA/2FA and connect?

Do the newer Merakis integrate with AzureAD? Does it have built-in MFA?

Bruce
Kind of a big deal

So far as I’m aware there has been no update on support for the MX64. In fact I’ve seen some recent documents that stated it's unsupported, rather than coming soon, so who knows.

The experience is pretty good. It’s not the full feature set like with the Cisco ASA, but it’s a pretty good starting point. You can’t specify your own domain, it uses the auto-generated dynamic-m.com domain. Authentication is either RADIUS, Meraki, or on-premises AD; through RADIUS you could integrate with AzureAD, but there is no native support for AzureAD. There is no native MFA, although again, this should be possible using something like Duo.

KarstenI
Kind of a big deal

This is what I wrote when the Beta was released. Still valid for 16.6:

https://cyber-fi.net/index.php/2021/03/13/anyconnect-vpn-on-meraki-mx-a-first-impression/

PhilipDAth
Kind of a big deal

It works really well.

You have to connect to the DDNS assigned to the MX. If you want the user to see a "nice name" for connecting, then you can create a profile that you can upload to give that better user experience. I've created an online tool for this:

https://www.ifm.net.nz/cookbooks/online-anyconnect-profile-editor.html

For MFA you typically use something that supports push notifications, such as Cisco Duo or Microsoft Azure/Office 365.

There is no direct integration with Office 365.  For MFA, you configure an on-premise NPS server with the Azure MFA component.
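
The profile mentioned in the reply above maps a display name to the MX's DDNS hostname through a `ServerList` entry. The following is an added sketch, not code from the thread or from the linked tool, that writes such a profile and reads it back; the function names are hypothetical and the hostname and display name are constructed placeholders.

```python
import re
import xml.etree.ElementTree as ET

# Namespace and schema location used by AnyConnect client profile files.
NS = "http://schemas.xmlsoap.org/encoding/"
XSI = "http://www.w3.org/2001/XMLSchema-instance"
# Bare DNS name only: no scheme, port, path or whitespace.
HOSTNAME_RE = re.compile(
    r"^(?=.{1,253}$)([A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?\.)+[A-Za-z]{2,63}$"
)

def build_profile(entries):
    """entries: list of (display_name, ddns_hostname) -> profile XML string."""
    ET.register_namespace("", NS)
    ET.register_namespace("xsi", XSI)
    root = ET.Element(f"{{{NS}}}AnyConnectProfile")
    root.set(f"{{{XSI}}}schemaLocation", f"{NS} AnyConnectProfile.xsd")
    server_list = ET.SubElement(root, f"{{{NS}}}ServerList")
    for display_name, address in entries:
        if not display_name.strip():
            raise ValueError("display name must not be empty")
        if not HOSTNAME_RE.match(address):
            raise ValueError(f"not a bare hostname: {address!r}")
        host = ET.SubElement(server_list, f"{{{NS}}}HostEntry")
        # HostName is what the user sees; HostAddress is where the client connects.
        ET.SubElement(host, f"{{{NS}}}HostName").text = display_name
        ET.SubElement(host, f"{{{NS}}}HostAddress").text = address
    body = ET.tostring(root, encoding="unicode")  # escapes &, <, > in names
    return '<?xml version="1.0" encoding="UTF-8"?>\n' + body

def read_entries(profile_xml):
    """Return the (display_name, address) pairs found in a profile."""
    ns = {"ac": NS}
    root = ET.fromstring(profile_xml)
    return [
        (h.findtext("ac:HostName", namespaces=ns),
         h.findtext("ac:HostAddress", namespaces=ns))
        for h in root.iterfind("ac:ServerList/ac:HostEntry", ns)
    ]

if __name__ == "__main__":
    # Constructed placeholder; use the DDNS name shown for your own MX.
    print(build_profile([("Head Office VPN", "example-abcdefghij.dynamic-m.com")]))
```

Reading the profile back with `read_entries` before uploading it is a quick way to confirm that each display name points at the hostname you intended.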
