Solved! Go to solution.
Hi @nikmagashi
Indeed you figured it out:
Regarding the IP Address to associate with the Radius Client on NPS Side, this meraki KB is really helpful and explains the different cases
On an intranet, If your MX uses a static route to reach out the NPS Server, you will have to use MX IP of network segment used by this route.
If your MX relies on VPN tunnel to reach out NPS, use the MX IP of the highest-numbered VLAN Interface set "in VPN"
I hope it helps
HI nikmagashi,
I am not quite sure but may it be possible that you have to put the RADIUS key in the secret field under RADIUS server and the other field is just for a shared secret that you choose for your cilents to establish the VPN connection?
So you can choose the shared secret and have to put in in when establishing the connection.
The final authentication is against the radius server.
I havent configured this before... so its just an idea 🙂
Kind Regards
Niklas
"Secret" is the shared secret that has to be the same on the RADIUS server and your Dashboard.
To be able to use it, your MX has to be configured as RADIUS client on that server. The secret has to be configured in this step.
All right but what about the share secret above? Because this is very confusing for me! I have tried to put the same key on both fields but it is now working. The client is not being able to connect.
I think I have figured it out! The shared secret seems to be the pre shared key you use when configuring the vpn settings on the client.
But I still have some questions regarding the client IP on the NPS. On the meraki MX I have a some vlans (lots of MX IP) and of course the public IP. Which IP should be as a client radius on the NPS! Can I choose one of the mx ips as a radius client on the NPS?
Hi @nikmagashi
Indeed you figured it out:
Regarding the IP Address to associate with the Radius Client on NPS Side, this meraki KB is really helpful and explains the different cases
On an intranet, If your MX uses a static route to reach out the NPS Server, you will have to use MX IP of network segment used by this route.
If your MX relies on VPN tunnel to reach out NPS, use the MX IP of the highest-numbered VLAN Interface set "in VPN"
I hope it helps