We currently chose DUO Security (a sister Cisco company) for our MFA needs and discovered that our MX series appliances do not pass through the client VPNs IP address in order to utilize DUOs Authorized Networks policy feature. This was validated with Meraki support through packet capture analysis.
I've been Making a Wish for last 6 months in our Meraki dashboard with no mention of this feature to be added on future firmware updates.
Has anyone heard otherwise?
And while RADIUS is being worked on - please add support for the FilterId attribute for client VPN (like for MR) so that we can dynamically assign group policy.
I'd about give my left arm for dynamically assigned group policy for ClientVPN users, and I'm partially ambidextrous.