Meraki AnyConnect VPN - Client Authentication - HELP

Street_1991
Comes here often


Hi All

 

I'm wondering if someone could help me out on this one. I'm attempting to configure certificate authentication on the client side as well as UN/PW.

 

I'm wanting to use an SSL cert from a 3rd party provider. However, when adding the CA cert into the MX and then into the User > Personal cert store, all I get is Certificate Validation Error.

 

Has anyone experienced this before and if so, how did you get around it? 

 

Kind Regards

alemabrahao
Kind of a big deal

Are you using AnyConnect? Because this only works on AnyConnect.

 

https://documentation.meraki.com/MX/Client_VPN/AnyConnect_on_the_MX_Appliance/Authentication

 

https://documentation.meraki.com/MX/Client_VPN/AnyConnect_on_the_MX_Appliance/Managing_and_Troublesh...

 

I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.
Street_1991

Hi, 

 

Yep, using AnyConnect. I've followed those instructions but it still states that the certificate validation failed...

 

Cheers

 

Matt 

alemabrahao

Have you opened a support case?

Street_1991

Hi, yes, but they are next to useless. 

 

I've uploaded the CA cert in PEM format to the MX, which shows it's been issued from and to the same place. Then installed the same (in .crt form) to the client machine in the User > Personal > Certificate store.

 

Still getting the certificate validation error. 

 

It will work when our wildcard cert is installed in the local machine cert store, but we don't want to have that installed on all machines where possible.

 

Cheers

Matt 
