Meraki

Community

Client VPN Radius and AD issues

SlesGeek
New here
‎Oct 13 2023 2:51 PM
‎Oct 13 2023 2:51 PM

Client VPN Radius and AD issues

I have succesfully setup authentication via a Radius server. I have also been able to use Active Directory authentication... The issue i am running into is that when I connect with either solutions, I am unable to access all but two of our servers (which I have no clue as to why these two servers are the only ones accessible). 

However, if I switch the Client VPN authentication to the Meraki Cloud Authentication method, I am able to access all servers on the private LAN...

Are there additional settings I am not aware of on the radius server that would block the VPN client from accessing certain servers? I setup the radius server according to documentation I gleened from Cisco.

 

Thanks.

Labels:
0 Kudos
5 Replies 5
alemabrahao
Kind of a big deal
Kind of a big deal
‎Oct 13 2023 3:19 PM
‎Oct 13 2023 3:19 PM

Is it the L2TP client or Anyconnect?

 

Any chance the user in question is in a group that has limited access to the network?

I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.
0 Kudos
In response to alemabrahao
SlesGeek
New here
‎Oct 13 2023 4:09 PM
‎Oct 13 2023 4:09 PM

So here is a strange one…

 

I decided to test the VPN client using the Meraki Cloud Authenticator… which worked. I pinged all the servers and it worked great….

 

Then, I switched it back to the Radius server authentication and…. Now I am able to connect to the private LAN and it’s servers! WTH? Why would I need to establish a connection to the servers via the Meraki Cloud Authentication method before I can connect to them via the Radius method?

0 Kudos
In response to SlesGeek
alemabrahao
Kind of a big deal
Kind of a big deal
‎Oct 13 2023 4:43 PM
‎Oct 13 2023 4:43 PM

I have no idea, in this case I suggest you to open a support case.

I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.
0 Kudos
PhilipDAth
Kind of a big deal
Kind of a big deal
‎Oct 15 2023 1:25 PM
‎Oct 15 2023 1:25 PM

Does the RADIUS server have the Filter-Id attribute configured?  This can be used to push a group policy to restrict what the user can access.

0 Kudos
PhilipDAth
Kind of a big deal
Kind of a big deal
‎Oct 15 2023 1:25 PM
‎Oct 15 2023 1:25 PM

https://documentation.meraki.com/MR/Group_Policies_and_Block_Lists/Using_RADIUS_Attributes_to_Apply_... 

0 Kudos
Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels
© 2024 Cisco Systems, Inc.