IKEv2 support for Client VPN in MX-series (not site-to-site)

afaho
New here

Since Android deprecated the L2TP protocol in version 12, and no new VPN profiles can be created with L2TP, is there a plan to add support to Meraki MX-series devices for the IKEv2 protocol? Currently the only way to support an L2TP VPN on Android 12 is to create the profile in an earlier version of Android OS, and then upgrade to Android 12. Android 13 has broken L2TP completely, even when a profile was carried forward from older versions of Android (see here: https://issuetracker.google.com/issues/249682648?pli=1).

Please note that I am not asking about Site-to-Site VPN, which apparently can support the IKEv2 protocol according to this Meraki Community post: https://community.meraki.com/t5/Security-SD-WAN/IKEv2-support-on-MX-devices/m-p/37709

Thanks!

5 Replies
alemabrahao
Kind of a big deal

I think you should open a support case.

I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.
Brash
Kind of a big deal

You're correct, Android 12 and 13 deprecated L2TP VPN. Meraki acknowledges this at the top of the client VPN configuration document.

https://documentation.meraki.com/MX/Client_VPN/Client_VPN_OS_Configuration

The best replacement is to use AnyConnect VPN. It's not exactly a drop-in solution, as it requires extra licensing, but it's a far better product and experience.

PhilipDAth
Kind of a big deal

As @Brash says, you'll need to buy Cisco AnyConnect licences and use that. It is much better.

OS-Cubed
Here to help

Why should users have to buy a licensed product? Meraki was always about NOT charging per user for stuff, but now if you want to connect an Android device you need a license? Bs. Meraki could solve this in an instant by just adding support for one of the more secure supported protocols to their firmware. But no - Cisco would rather make money off us.

PhilipDAth
Kind of a big deal

I don't see how it has anything to do with Meraki that Google chose to remove L2TP client VPN support from Android. Meraki offers exactly the same support it did before for client VPN - L2TP and AnyConnect.

What has happened is you have chosen to use a software vendor, Google, that removed an existing protocol from your device (I used Android as well by the way). Part of the cost of choosing to stay with that same software vendor is investing in newer technologies to get (not the same but) better technology.
