Meraki Community
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Meraki VPN Client

Solved
nikmagashi
Getting noticed
‎Aug 19 2020 2:51 AM
‎Aug 19 2020 2:51 AM

Meraki VPN Client

Hi,
 
We are going to use Meraki VPN Client, with Azure MFA, but we are experiencing some problem. The client is not able to connect. The shared secret is correct, but under the radius server setting, there is a field for another secret, which we think is a different value then the shared secret. Can someone explain what is this secret and where do we find this.
merakivpnclient.PNG
 
 
 

 

 

0 Kudos
Subscribe
1 Accepted Solution
In response to nikmagashi
Jerome_EVAGroup
Here to help
‎Aug 19 2020 5:02 PM
‎Aug 19 2020 5:02 PM

Hi @nikmagashi 

 

Indeed you figured it out:

  • Shared secret field: it the shared secret to be configured on Windows VPN Client as well
  • Secret field in Radius section: it the PSK/Secret to configure with Radius client on NPS server

 

Regarding the IP Address to associate with the Radius Client on NPS Side, this meraki KB is really helpful and explains the different cases

https://documentation.meraki.com/MX/Client_VPN/Configuring_RADIUS_Authentication_with_Client_VPN#Add...

 

On an intranet, If your MX uses a static route to reach out the NPS Server, you will have to use MX IP of network segment used by this route.

If your MX relies on VPN tunnel to reach out NPS, use the MX IP of the highest-numbered VLAN Interface set "in VPN"

 

I hope it helps

View solution in original post

Subscribe
5 Replies 5
NGleich
Here to help
‎Aug 19 2020 3:14 AM
‎Aug 19 2020 3:14 AM

HI nikmagashi,

 

I am not quite sure but may it be possible that you have to put the RADIUS key in the secret field under RADIUS server and the other field is just for a shared secret that you choose for your cilents to establish the VPN connection?

So you can choose the shared secret and have to put in in when establishing the connection.

The final authentication is against the radius server.

 

I havent configured this before... so its just an idea 🙂

 

Kind Regards

Niklas

0 Kudos
Subscribe
In response to NGleich
CptnCrnch
Kind of a big deal
Kind of a big deal
‎Aug 19 2020 3:18 AM
‎Aug 19 2020 3:18 AM

"Secret" is the shared secret that has to be the same on the RADIUS server and your Dashboard.

 

To be able to use it, your MX has to be configured as RADIUS client on that server. The secret has to be configured in this step.

0 Kudos
Subscribe
In response to CptnCrnch
nikmagashi
Getting noticed
‎Aug 19 2020 3:20 AM
‎Aug 19 2020 3:20 AM

All right but what about the share secret above? Because this is very confusing for me! I have tried to put the same key on both fields but it is now working. The client is not being able to connect.

0 Kudos
Subscribe
In response to CptnCrnch
nikmagashi
Getting noticed
‎Aug 19 2020 3:53 AM
‎Aug 19 2020 3:53 AM

 I think I have figured it out! The shared secret seems to be the pre shared key you use when configuring the vpn settings on the client. 

 

But I still have some questions regarding the client IP on the NPS. On the meraki MX I have a some vlans (lots of MX IP) and of course the public IP. Which IP should be as a client radius on the NPS! Can I choose one of the mx ips as a radius client on the NPS?

0 Kudos
Subscribe
In response to nikmagashi
Jerome_EVAGroup
Here to help
‎Aug 19 2020 5:02 PM
‎Aug 19 2020 5:02 PM

Hi @nikmagashi 

 

Indeed you figured it out:

  • Shared secret field: it the shared secret to be configured on Windows VPN Client as well
  • Secret field in Radius section: it the PSK/Secret to configure with Radius client on NPS server

 

Regarding the IP Address to associate with the Radius Client on NPS Side, this meraki KB is really helpful and explains the different cases

https://documentation.meraki.com/MX/Client_VPN/Configuring_RADIUS_Authentication_with_Client_VPN#Add...

 

On an intranet, If your MX uses a static route to reach out the NPS Server, you will have to use MX IP of network segment used by this route.

If your MX relies on VPN tunnel to reach out NPS, use the MX IP of the highest-numbered VLAN Interface set "in VPN"

 

I hope it helps

Subscribe
Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels
© 2024 Cisco Systems, Inc.