Dears,
I am trying to implement Cisco Meraki AnyConnect VPN with MFA,
And I have checked the below link:
https://documentation.meraki.com/General_Administration/Other_Topics/Two-Factor_Authentication
In the document it says there is no native support to MFA in Meraki Client VPN,
is there anyway to implement MFA with Anyconnect Meraki client VPN?
Thanks,
Solved! Go to solution.
"no native support" only means that there is nothing directly integrated. But you are free to integrate an external solution. So now go to the link @ww provided and then use Duo, or alternatively directly go to use Duo ... 😉
Cisco Duo will enable the configuration of 2FA for Meraki MX client VPN. It's not supported by default, unfortunately.
Heres's the DUO configurationdocument - https://duo.com/docs/meraki-radius
Hi,
We are currently in beta with the Cisco Anyconnect for Meraki and currently have our Azure MFA integrated and working.
https://docs.microsoft.com/en-us/azure/active-directory/authentication/howto-mfa-nps-extension
Cheers!
Also give Duo a try. From a configuration / maintenance standpoint you'll quickly see the advantage over Azure MFA.
@CptnCrnch, we did demo several 2FA/MFA's (Duo one of them) and found Azure more cost effective and easier to manage given our current Azure footprint along with our other system requirements.
I'm sure Duo will mature with Cisco owning since 2018 and might be a worth looking at again in the future, but for now......We're happy with Azure 🙂
Wow! I'm always hearing the "most cost effective" argument regarding Azure but you're the first one that seems to prefer the Azure management option. Congrats on that! 😉
Depends on your particular circumstances and requirements right? In our case DUO would have required another system to manage (broker) where as we don't need in Azure. Also, I'm saving $$$$ since our subscription already comes with MFA (P1/P2) so essentially saving money really.
Of course you can concentrate "only" on licensing costs. On the other hand, systems need management that imply cost too. Therefore I mentioned that "free of charge" with MS doesn't mean that the overall solution is really cheaper when having it in production. 😉
But hey: if you are happy with it, I'm happy tool 🙂
Hey Buddy,
We are using the same MFA! have you tried SMS or Call authentication? I've tried it but it won't work for me, we can only use MFA app for approval.
Hi @BaronCSE, yes we have it set to either of three choices based on user requirements, Text, MS APP or Token. Thankfully only have a few that wanted the Token, but still easy to setup. As far as you're question, under Azure AD/Security/Authentication Methods is where you create the policy. I manage the policies via AD Groups. Users have the option to use multiple such as Text and MS APP in case they require one or the other.