Meraki

Community

Certificate based authentication for VPN Client computers MX 100

lawrie
Comes here often
‎Sep 19 2021 3:15 PM
‎Sep 19 2021 3:15 PM

Certificate based authentication for VPN Client computers MX 100

Hi Guys,

 

I have successfully setup wireless certificate authentication using Cisco Access points. My computers are able to authenticate when connecting to the SSID only by using the certificate installed in them.

 

I would now like to do the same for the domain computers when working from home. When they connect in over VPN i would like the mx100 to contact my internal Radius server and for those remote computers to authenticate only using computer certificates and not the usual username and password. Is this possible?

0 Kudos
2 Replies 2
Brash
Kind of a big deal
Kind of a big deal
‎Sep 19 2021 3:53 PM
‎Sep 19 2021 3:53 PM

As far as I'm aware, neither the Meraki nor Anyconnect client VPN's used with a Meraki MX gateway support certificate only authentication.

 

You can however configure certificate or domain authentication alongside client credentials.

 

 

Client VPN Overview - Cisco Meraki
AnyConnect Authentication Methods - Cisco Meraki

0 Kudos
PhilipDAth
Kind of a big deal
Kind of a big deal
‎Sep 20 2021 1:07 PM
‎Sep 20 2021 1:07 PM

You can't do it at all using the Microsoft VPN client.

 

AnyConnect can let you do it as an ADDITIONAL factor.  So it authenticates the machine first using the certificate, and then authenticates the user next.

0 Kudos
Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels
© 2024 Cisco Systems, Inc.