Meraki Client VPN Feature

Prashant_India
Here to help

For the moment we are using Pulse Secure Connect as a remote user access solution.

We know that Meraki MX supports client VPN, and I need to understand the limitation.

Currently, some users have full access to the network, but it is also used by clients/3rd parties to access some specific services/servers (not the whole network).

Pulse Secure is based on AD security groups and a sign-in page with 2-factor authentication.

Is the MX able to provide the same solution?

BrechtSchamp
Kind of a big deal

Meraki doesn't have a dedicated software client for its client VPN. It's using the built-in IPsec client of the operating system. There's also no SSL client VPN.

 

There's limited support for 2FA as described here:

https://documentation.meraki.com/zGeneral_Administration/Other_Topics/Two-Factor_Authentication#Usin...

 

But in my opinion it won't be comparable with your current solution. Meraki are likely adding support for AnyConnect at some point, but there's no timeline for that. At that point this may change and provide a valid replacement for your current solution.

@BrechtSchamp Thanks, can we achieve this solution by using RADIUS + an NPS server?

Nash
Kind of a big deal

If you need to provide different access to different user groups, no, the Meraki client VPN won't do you. You get a single user group with a single access level on the firewall itself. 

 

By the way, you're aware of the Pulse vulnerabilities, right? If not, you should check for updates. 🙂

@Nash Thanks... Please clarify whether this limitation is due to the fact that only 1 client VPN IP subnet can be defined in the Meraki dashboard, and that we can apply a firewall policy for this particular client VPN subnet to allow or deny.

Nash
Kind of a big deal

Essentially, yes. You can set firewall rules for that subnet, but then you may restrict access that your employees need.

 

I really, strongly would recommend pursuing a non-Meraki client VPN solution. If I had a client with your needs, since we're a Cisco/Meraki VAR, I'd sell an ASA or Firepower device.
