Certificate based authentication for VPN Client computers MX 100

Comes here often

Certificate based authentication for VPN Client computers MX 100

Hi Guys,


I have successfully setup wireless certificate authentication using Cisco Access points. My computers are able to authenticate when connecting to the SSID only by using the certificate installed in them.


I would now like to do the same for the domain computers when working from home. When they connect in over VPN i would like the mx100 to contact my internal Radius server and for those remote computers to authenticate only using computer certificates and not the usual username and password. Is this possible?

Kind of a big deal

As far as I'm aware, neither the Meraki nor Anyconnect client VPN's used with a Meraki MX gateway support certificate only authentication.


You can however configure certificate or domain authentication alongside client credentials.



Client VPN Overview - Cisco Meraki
AnyConnect Authentication Methods - Cisco Meraki

Kind of a big deal

You can't do it at all using the Microsoft VPN client.


AnyConnect can let you do it as an ADDITIONAL factor.  So it authenticates the machine first using the certificate, and then authenticates the user next.

Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.