Client VPN Wish List

Here to help

Client VPN Wish List

- Multi factor / one-time password authentication capability.

- Stronger everything security-wise: AES encryption, anything better than SHA1 IKEv2, etc...AND configurable with however I would like based on my needs, not stuck with just one way of doing it ike we currently have.


These really have to be huge requests I imagine, especially for compliance needs.

I really do hope this is already on the Meraki roadmap for their MX firmware.

Kind of a big deal

Multi-factor/OTP is available using a RADIUS server from an Multifactor/OTP vendor.


AES is already being used.  Unfortunately I think SHA1 is still used.


IKEv2 would be excellent to get.


I would like to be able to configure policies per VPN user, so different VPN users have different access permissions.

having MFA/OTP built in would be nice still. I come from a SonicWALL background and this feature was built into the appliances.


Strange regarding AES, as I spoke to Meraki support not long aog this week, and they state the following is used for client VPN:




PAP authentication

3DES encryption

SHA1 hashing

Aggressive Mode


Definitely could be better and why it isn't in this day in age, who knows.


Getting noticed

I would also like to be able to assign static IP's per VPN users. 


The group policies are currently assigning per IP and if the user doesn't use the VPN for about a month, the IP gets assigned to someone else and they then have the wrong access.


Though I supposed @PhilipDAth suggestion of access per user account would solve that problem too.

Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.