Hi,
I am very new to meraki and I dont have experience with these products but I hope I am on the right place to get some help. We need to implement VPN client for our users with meraki firewalls and implement also 2FA with azure. We have this competence to do this, but we are lacking on the meraki competence. Is there anyone who can guide me to achieve this?
BR Nikma
Solved! Go to solution.
You need to deploy NPS with the MFA plugin.
Hi,
Thank you Philip for your response! So we enable Client VPN on the meraki dashboard, we choose an IP range under Client VPN Subnet (does this mean that this is the range that the client will be assigned IP addresses from?). We specify then the dns server which will be used, the secret and the authentication method which in our case will be Radius! The radius server will be a NPS server and the Azure MFA extension will be installed on this server!
Do I have a good framework from which to start?
BR Nikma
That is exactly right.
I would describe Azure MFA as only "just" capable of such configurations. The debugging is poor to non-existant. There are few configurable options. But it does work.
All right Philip! We will investigate further regarding the MFA solution but as for now we have decided to use Azure MFA!
What do you think about the configuration on the meraki itself! Do we have anything else to do beside these points down:
1. We enable Client VPN on the meraki dashboard,
2. We choose an IP range under Client VPN Subnet (does this mean that this is the range that the client will be assigned IP addresses from?),
3. We specify then the dns server which will be used, t
4. We specify the secret and the authentication method which in our case will be Radius! The radius server will be a NPS server and the Azure MFA extension will be installed on this server!
And in the end we probably should create a policy to accept this kind of traffic inside the coorporate network!
2. Yes
Everything else is correct.
Thank you Philip! I appreciate your help really 🙂
Hi @nikma @PhilipDAth ,
I have a similar request here. Our client prefers Azure MFA over DUO.
I managed to find the guide to setup Azure MFA
https://docs.microsoft.com/en-us/azure/active-directory/authentication/howto-mfaserver-deploy
Could you please let me know where to find the hands-on guide +NPS setup?
Just out of Curiosity I have a couple of questions about this. When a user initiates a connection to the client VPN, do they just get a Microsoft authentication box appear? The second question is about the few Windows 7 laptops that are still in use (for now). Does this work with those?
It uses the Windows client VPN built into Windows. So you get the normal Windows username/password prompt. The user then gets a push notification to their device to approve or reject the connection.
The user does not get the Office 365 authentication box.
Fantastic. Thanks so much for the prompt reply