Meraki

Community

Azure VMX HA Client VPN support

Darren88a
Conversationalist
‎Apr 19 2024 7:56 AM
‎Apr 19 2024 7:56 AM

Azure VMX HA Client VPN support

We are currently migrating services from on-prem to Azure cloud and plan to use Client VPN service.  Query Is Client VPN supported in a HA vMX deployment with AutoVPN?

Labels:
0 Kudos
2 Replies 2
alemabrahao
Kind of a big deal
Kind of a big deal
‎Apr 19 2024 8:43 AM
‎Apr 19 2024 8:43 AM

Yes, It is.

I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.
0 Kudos
PhilipDAth
Kind of a big deal
Kind of a big deal
‎Apr 21 2024 2:22 PM
‎Apr 21 2024 2:22 PM

I think to make this work you would need to create a DNS like "vpn.company.com" and set the TTL to something like 60s, and point that to both of the VMX.  This would make clients alternate between them.  If one failed, clients would drop.  They would get a different DNS entry on average 30s later, and be able to reconnect (at least after a couple of attempts).

You could make it more sophisticated by using a DNS system that can dynamically add and remove entries based on them responding.

 

HOWEVER, the altogether much better system would to to us Cisco Secure Client with AnyConnect.  It supports SAML authentication natively against EntraID (and can use its MFA), and it also has the concept of a backup server.  It will automatically reconnect if the primary VMX is down.
https://documentation.meraki.com/MX/Client_VPN/AnyConnect_on_the_MX_Appliance/AnyConnect_Azure_AD_SA... 

0 Kudos
Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels
© 2024 Cisco Systems, Inc.