Meraki

JaredFowkes · ‎Jul 1 2021

I have an MX configured to use radius authentication for the client VPN and right now it sends "CLIENTVPN" as the calling-station-id. Is there a way to have it send something useful, like the client's IP address instead?

We just implemented additional security which has been causing user-related issues and when users fail to connect to the VPN, I have to go through the radius logs and then guess which client VPN logs relate to the authentication failure to determine the IP address of the person making the attempt. Not only would this change make troubleshooting easier, but we could also perform more or less restrictive checks based on the client's IP.

PhilipDAth · ‎Jul 1 2021

I don't know the answer.

Try the newer AnyConnect support.

https://documentation.meraki.com/MX/AnyConnect_on_the_MX_Appliance

We've been using it almost exclusively. It doesn't send CLIENTVPN anymore. I can tell you the AnyConnect event log in the dashboard is very detailed compared to the L2TP IPSec client VPN.

If you do change over you'll need to buy AnyConnect Plus licences, but they are relatively cheap.

View solution in original post

PhilipDAth · ‎Jul 1 2021

I don't know the answer.

Try the newer AnyConnect support.

https://documentation.meraki.com/MX/AnyConnect_on_the_MX_Appliance

We've been using it almost exclusively. It doesn't send CLIENTVPN anymore. I can tell you the AnyConnect event log in the dashboard is very detailed compared to the L2TP IPSec client VPN.

If you do change over you'll need to buy AnyConnect Plus licences, but they are relatively cheap.

JaredFowkes · ‎Jul 6 2021

I'll have to upgrade from our existing MX80 routers before I can try this, but it seems the only option - They're due to be upgraded regardless, so this is just one more reason to do it.

Thank you!

Meraki

Community

Modify the Client VPN's CallingStationId to the Client's IP

Modify the Client VPN's CallingStationId to the Client's IP