Meraki Client VPN w/ 2FA - Radius & Active Directory
Hi everyone,
We have an MX64 and the Client VPN is set for authentication with Meraki cloud and the users are set up.
I'm trying to set up 2FA via Duo Security but I have some questions:
1) I set up the DAP with the following config:
[radius_client]
host=X.X.X.X
secret=XXXXXXXXXXX

[radius_server_auto]
ikey=XXXXXXX
skey=XXXXXXXXXX
api_host=XXXXXXXXX
radius_ip_1=XXXXXXXX
radius_secret_1=XXXXXXXXX
client=radius_client
port=1812
failmode=safe
Am I missing configuration for Active Directory in order to authenticate?
I've read this document regarding the RADIUS setup but I am confused when it comes to 'configuring RADIUS clients to use it for authentication'. Which client am I supposed to configure? I am a little confused 😕
Currently, we have the Windows 10 VPN tool set up to the Client VPN endpoint and the only authentication is the stored username and password. I am not sure how to point this endpoint to the DAP.
Any help will be greatly appreciated.
Hi Viksep,
While 2 factor authentication is possible with the Meraki Client VPN, it is not directly supported. As mentioned in our documentation,
"Client VPN does not natively support two-factor auth, a third-party solution is required for this configuration. As such, please refer to your two-factor auth solution's documentation for additional information and troubleshooting."
I will say, however, that Duo will not be compatible with Meraki Cloud Authentication. That option simply verifies the username and password stored in dashboard matches what is provided by the end user device. You will need to change the authentication type to RADIUS and add a RADIUS server IP that points to the DAP. That should get you on the right track.
If you need any additional assistance with troubleshooting, feel free to contact Meraki Support!
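The config posted at the top of the thread, run through a small checker (an added example, not part of any post and not a Duo or Meraki tool). All sample values are constructed placeholders and review_authproxy is a hypothetical helper; it reports which primary authenticator the proxy will use, whether each RADIUS device entry has a secret, and what failmode=safe implies.

```python
import configparser

# Constructed sample in the shape of the posted config; every value is a placeholder.
SAMPLE_CFG = """
[radius_client]
host=192.0.2.10
secret=placeholder-secret

[radius_server_auto]
ikey=DIXXXXXXXXXXXXXXXXXX
skey=placeholder-skey
api_host=api-XXXXXXXX.duosecurity.com
radius_ip_1=192.0.2.1
radius_secret_1=placeholder-secret
client=radius_client
port=1812
failmode=safe
"""

def review_authproxy(text):
    """Return a list of findings for a Duo Authentication Proxy config."""
    cfg = configparser.ConfigParser(interpolation=None)
    cfg.read_string(text)
    if not cfg.has_section("radius_server_auto"):
        return ["no [radius_server_auto] section: nothing for the MX to query"]
    srv = cfg["radius_server_auto"]
    client = srv.get("client", "")
    findings = []
    if not cfg.has_section(client):
        findings.append(f"client={client!r} names a section that is not defined")
    elif client == "radius_client":
        findings.append("primary auth is forwarded to the RADIUS server at "
                        f"{cfg[client].get('host')}; Active Directory is not queried directly")
    elif client == "ad_client":
        findings.append("primary auth is checked against Active Directory via [ad_client]")
    # Each device allowed to send requests (here the MX) needs an ip/secret pair.
    n = 1
    while f"radius_ip_{n}" in srv:
        if f"radius_secret_{n}" not in srv:
            findings.append(f"radius_ip_{n} has no radius_secret_{n}")
        n += 1
    if n == 1:
        findings.append("no radius_ip_1: no device is allowed to send requests")
    if srv.get("failmode") == "safe":
        findings.append("failmode=safe: logins with valid primary credentials "
                        "are allowed without 2FA when Duo cannot be reached")
    return findings
```

Calling review_authproxy(SAMPLE_CFG) returns two findings: the first names the upstream RADIUS host, the second flags the fail-open behaviour of failmode=safe.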
Hi ByronC,
Thanks for your response.
I am indeed looking to authenticate via another method, RADIUS or Active Directory, not Meraki Cloud.
I've gone as far as setting up the DAP on a server within the network perimeter but I am unsure of the requirements: e.g. if I set the auth method to Active Directory, if I still need a RADIUS server configured and if so, how would I go about proceeding with that setup.
Many thanks.