Is there a way to set the client VPN to use AD and also Meraki authentication? I have had to shut down all of my DCs because of an emergency power issue. I would like to be able to connect to VPN without a DC being online.
Seems ridiculous that a $10k Firewall would only have one option. You should be able to have at least a few admins that can authenticate client VPN locally. Keep bumping into "little" things like this with Meraki.
I disagree; for disaster situations, networking gear is going to be more robust than back-end AD or RADIUS servers. Meraki is also designed for small to medium-sized organizations that may not have multi-site redundancy.
Why not choose Meraki Cloud Authentication or something like JumpCloud then? They're prolly more scalable and / or reliable from your point of view.
However, I don't think we'll find a common ground here. The fact is: you don't have a technical possibility to fulfill your requirement with Meraki or several other vendors, as these will happily build their stuff around requirements for as many customers as possible, who seem to be perfectly happy with that. Perhaps your requirements are simply different. But we're getting philosophical here. 🙂
@CptnCrnch I do actually agree with @Ted-Laun here; it should be possible to set a primary and secondary auth method, or even just have local/Meraki as secondary to a remote method such as AD.
We do use a VPN head end that supports this, and despite having 4x AD DCs, we did come into a situation where just having one admin that could connect via local auth was useful and reduced our recovery time by about an hour, when we had a vendor engineer take down our primary datacenter while our (then) primary WAN provider was having a wobble that stopped the datacenters talking despite the failover WAN being 100%.
One new SAN vendor and a Meraki SD-WAN solution later, we shouldn't ever need the local auth again, but it was useful that one time!