Hi all,
I've hit a roadblock in my Duo Auth Proxy deployment. On a basic level, I have multiple sites using Meraki's Client VPN that previously authenticated using AD and an NPS to pass through a fliter-id to Meraki, determining which group policy to apply to the client.
The issue enters with the Duo Auth Proxy. Duo's documentation would have me believe that Meraki's Client VPN configuration should point to my Duo Auth Proxy server as the RADIUS server. This server sits between my Meraki MX device and my NPS: Client -> Meraki Site -> Duo Auth Proxy -> NPS.
The problem with this configuration is that all connection requests coming in to my NPS are received from the Duo Auth Proxy RADIUS client. This means I cannot use the site's IP/Client Friendly Name as a filter for my NPS network policies. I have configured the Duo Auth Proxy to pass through all RADIUS attributes, but this fails to pass through the RADIUS Client information.
Does anyone have a recommendation for this situation? Perhaps a custom RADIUS attribute I can add in Meraki for each site to pass or a different configuration I can test out?
Thanks!
