Modify the Client VPN's CallingStationId to the Client's IP

SOLVED
JaredFowkes
Conversationalist

Modify the Client VPN's CallingStationId to the Client's IP

I have an MX configured to use radius authentication for the client VPN and right now it sends "CLIENTVPN" as the calling-station-id.  Is there a way to have it send something useful, like the client's IP address instead?

 

We just implemented additional security which has been causing user-related issues and when users fail to connect to the VPN, I have to go through the radius logs and then guess which client VPN logs relate to the authentication failure to determine the IP address of the person making the attempt.  Not only would this change make troubleshooting easier, but we could also perform more or less restrictive checks based on the client's IP.

1 ACCEPTED SOLUTION
PhilipDAth
Kind of a big deal
Kind of a big deal

I don't know the answer.

 

Try the newer AnyConnect support.

https://documentation.meraki.com/MX/AnyConnect_on_the_MX_Appliance 

We've been using it almost exclusively.  It doesn't send CLIENTVPN anymore.  I can tell you the AnyConnect event log in the dashboard is very detailed compared to the L2TP IPSec client VPN.

 

If you do change over you'll need to buy AnyConnect Plus licences, but they are relatively cheap.

 

View solution in original post

2 REPLIES 2
PhilipDAth
Kind of a big deal
Kind of a big deal

I don't know the answer.

 

Try the newer AnyConnect support.

https://documentation.meraki.com/MX/AnyConnect_on_the_MX_Appliance 

We've been using it almost exclusively.  It doesn't send CLIENTVPN anymore.  I can tell you the AnyConnect event log in the dashboard is very detailed compared to the L2TP IPSec client VPN.

 

If you do change over you'll need to buy AnyConnect Plus licences, but they are relatively cheap.

 

I'll have to upgrade from our existing MX80 routers before I can try this, but it seems the only option - They're due to be upgraded regardless, so this is just one more reason to do it.

 

Thank you!

Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels