Meraki AnyConnect VPN with MFA

SOLVED
LaithCpE
Comes here often

Meraki AnyConnect VPN with MFA

Dears,

I am trying to implement Cisco Meraki AnyConnect VPN with MFA,

And I have checked the below link:

https://documentation.meraki.com/General_Administration/Other_Topics/Two-Factor_Authentication

 

In the document it says there is no native support to MFA in Meraki Client VPN,

 

is there anyway to implement MFA with Anyconnect Meraki client VPN?

 

Thanks,

1 ACCEPTED SOLUTION
11 REPLIES 11
KarstenI
Kind of a big deal
Kind of a big deal

"no native support" only means that there is nothing directly integrated. But you are free to integrate an external solution. So now go to the link @ww provided and then use Duo, or alternatively directly go to use Duo ... 😉

MilesMeraki
Head in the Cloud

Cisco Duo will enable the configuration of 2FA for Meraki MX client VPN. It's not supported by default, unfortunately. 

 

Heres's the DUO configurationdocument - https://duo.com/docs/meraki-radius

Eliot F | Simplifying IT with Cloud Solutions
Found this helpful? Give me some Kudos! (click on the little up-arrow below)
CMTech1
Getting noticed

Hi,

 

We are currently in beta with the Cisco Anyconnect for Meraki and currently have our Azure MFA integrated and working.

 

https://docs.microsoft.com/en-us/azure/active-directory/authentication/howto-mfa-nps-extension

 

Cheers!

 

CptnCrnch
Kind of a big deal
Kind of a big deal

Also give Duo a try. From a configuration / maintenance standpoint you'll quickly see the advantage over Azure MFA.

@CptnCrnch, we did demo several 2FA/MFA's (Duo one of them) and found Azure more cost effective and easier to manage given our current Azure footprint along with our other system requirements.

 

I'm sure Duo will mature with Cisco owning since 2018 and might be a worth looking at again in the future, but for now......We're happy with Azure 🙂

 

CptnCrnch
Kind of a big deal
Kind of a big deal

Wow! I'm always hearing the "most cost effective" argument regarding Azure but you're the first one that seems to prefer the Azure management option. Congrats on that! 😉

Depends on your particular circumstances and requirements right? In our case DUO would have required another system to manage (broker) where as we don't need in Azure. Also, I'm saving $$$$ since our subscription already comes with MFA (P1/P2) so essentially saving money really.

 

 

CptnCrnch
Kind of a big deal
Kind of a big deal

Of course you can concentrate "only" on licensing costs. On the other hand, systems need management that imply cost too. Therefore I mentioned that "free of charge" with MS doesn't mean that the overall solution is really cheaper when having it in production. 😉

 

But hey: if you are happy with it, I'm happy tool 🙂

Hey Buddy,

We are using the same MFA! have you tried SMS or Call authentication? I've tried it but it won't work for me, we can only use MFA app for approval.

Hi @BaronCSE, yes we have it set to either of three choices based on user requirements, Text, MS APP or Token. Thankfully only have a few that wanted the Token, but still easy to setup. As far as you're question, under Azure AD/Security/Authentication Methods is where you create the policy. I manage the policies via AD Groups. Users have the option to use multiple such as Text and MS APP in case they require one or the other.

 

Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels