Looking for have source End User IP visible in Radius Attribute
We are working on Securing our VPN clients that connect to MX Devices. We are looking to Force 2FA on Clients outside of the US. We are using Okta Radius Agents to authenticate against and have authentication working along with 2FA working. But the Meraki Cloud makes the authentication request to our Okta Radius Servers through the MX Gateway on behalf of the user. The Meraki Cloud does not include any IP information from the actual VPN Request in a Radius attribute field. They only have their Clould IP in the Radius Request. Without Meraki Providing the IP that the request is coming from our Okta Radius Server can not tell where in the world (Literally) the VPN request is actually coming from. In the logs and packet captures all request come from the same Meraki Cloud IP. I opened a Support Ticket and they said my best option is submit a feature request and hope in the future it can change.
I don't think there is anyway around this unfortunately. If Meraki support have told you already that their isn't an NFO (Network Feature Override) that they can apply to help overcome this I'd say that this feature is not yet available/supported.
My recommendation would be to follow up the feature request with your SE/Sales rep they'll be able to work with you on this specific feature request as well as getting directly in touch with the Product managers themselves.
Eliot F | Simplifying IT with Cloud Solutions Found this helpful? Give me some Kudos! (click on the little up-arrow below)