Hello @RobustMeraki ,
Thanks for your question. The answer is yes, Client VPN (a.k.a. L2TP/IPsec Client VPN) can have its Authentication configured to check credentials provided by Active Directory or other LDAP directory.
However, your use-case requires two things:
- A Site-to-Site VPN between your MX firewall and your Azure VPC
- A RADIUS server that will receive the Client VPN authentication requests and then kind of translate them into a domain controller query to your Azure AD.
So this brings more questions like:
- How to establish a Site-to-Site VPN with Azure VPC?
- How to configure a RADIUS server?
I surely can point you to Meraki docs covering the above topics, but I suspect you'll like this other solution and design better.
In this other post, people recommended implementing Cisco AnyConnect using SAML to Azure AD. Cisco AnyConnect is our own Client VPN and I personally prefer it because: a) your MX already has a license and b) AnyConnect uses a TLS tunnel, which is generally more resilient to NAT issues when your users are using mobile hotspots, for example.
You can find more details about configuring AnyConnect plus SAML Azure AD here.
And here you can read about AnyConnect setup.
If you found this post helpful, please give it kudos. If my answer solved your problem, click "accept as solution" so that others can benefit from it.