MX 16.16 Always On Anyconnect VPN



The client is looking to use Always On and trusted network to force the VPN to connect when users are at home; when they are in the office, they don't want them to be prompted.

I followed the instructions provided here

But the profile shown uses for the DNS suffix. My guess is this is because it's just an example. But this doesn't work when I test it using the customer's DNS suffix and DNS servers.



We are using auto-generated certificates and DDNS. Is this even possible, or do I need custom hostname certificates?

UPDATE - I did get this working for basic Meraki Authentication, Always on and Trusted Network Detection, but I need it to work with SAML (Azure AD).
When on an untrusted network, SAML will not be able to reach the single sign-on web page for Azure AD because Internet access is blocked, so it doesn't allow you to even attempt to authenticate. I will keep at it and update if I find a solution.

