Azure VMX HA Client VPN support

Darren88a
Conversationalist

We are currently migrating services from on-prem to Azure cloud and plan to use Client VPN service.  Query: Is Client VPN supported in an HA vMX deployment with AutoVPN?

alemabrahao
Kind of a big deal

Yes, it is.

I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.
PhilipDAth
Kind of a big deal

I think to make this work you would need to create a DNS like "vpn.company.com" and set the TTL to something like 60s, and point that to both of the VMX.  This would make clients alternate between them.  If one failed, clients would drop.  They would get a different DNS entry on average 30s later, and be able to reconnect (at least after a couple of attempts).

You could make it more sophisticated by using a DNS system that can dynamically add and remove entries based on them responding.

 

HOWEVER, the altogether much better system would be to use Cisco Secure Client with AnyConnect.  It supports SAML authentication natively against EntraID (and can use its MFA), and it also has the concept of a backup server.  It will automatically reconnect if the primary VMX is down.
https://documentation.meraki.com/MX/Client_VPN/AnyConnect_on_the_MX_Appliance/AnyConnect_Azure_AD_SA... 
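
The health-checked DNS idea from the reply above, sketched as an added example that is not part of the original post or any Meraki tooling. Assumptions: the two addresses are constructed documentation-range IPs, the TCP probe on port 443 and the three-failure threshold are illustrative choices, and pushing the resulting records to a DNS provider is left out.

```python
import socket

# Constructed sample values: documentation-range IPs standing in for the two vMX public addresses.
VMX_ADDRS = ["203.0.113.10", "203.0.113.20"]
TTL = 60            # seconds, the low TTL suggested in the post
FAIL_THRESHOLD = 3  # consecutive failed probes before a record is withdrawn (assumption)


def tcp_probe(addr, port=443, timeout=3.0):
    """Assumed liveness check: a plain TCP connect to the VPN listener port."""
    try:
        with socket.create_connection((addr, port), timeout=timeout):
            return True
    except OSError:
        return False


class RecordSet:
    """Tracks probe results per address and decides which A records to publish."""

    def __init__(self, addrs, threshold=FAIL_THRESHOLD):
        self.fails = {a: 0 for a in addrs}
        self.threshold = threshold

    def update(self, probe=tcp_probe):
        # One probe round: reset the counter on success, increment it on failure.
        for addr in self.fails:
            self.fails[addr] = 0 if probe(addr) else self.fails[addr] + 1
        return self.published()

    def published(self):
        # A single lost probe does not withdraw a record; only a run of failures does.
        healthy = [a for a, n in self.fails.items() if n < self.threshold]
        # Fail open: if every address looks down, the checker itself may be cut off,
        # so keep all records rather than publishing an empty answer.
        return healthy or list(self.fails)


def zone_lines(name, addrs, ttl=TTL):
    """Render the published set as zone-file style A records."""
    return [f"{name}. {ttl} IN A {a}" for a in addrs]


if __name__ == "__main__":
    rs = RecordSet(VMX_ADDRS)
    print("\n".join(zone_lines("vpn.company.com", rs.update())))
```

With a 60s TTL, clients can still hold a withdrawn address for up to a minute after the record is removed, so this shortens the outage but does not remove it.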
