cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Restrict MX VPN access to only Domain Computers using AnyConnect and Windows NPS Radius

JordanCNolan
Here to help
‎06-04-2021 04:16 AM
‎06-04-2021 04:16 AM

Restrict MX VPN access to only Domain Computers using AnyConnect and Windows NPS Radius

I am looking for a way to ensure that only users with domain joined computers can access the VPN.  I am taking a look at the Event Viewer logs for NPS events and see the following are passed in for user and client machine

 

User:

 

  • Security ID: mydomain\myusername
    Account Name: myusername
    Account Domain: mydomain
    Fully Qualified Account Name: mydoamin.com/Active/Users/Last, First

Client Machine:

 

  • Security ID: NULL SID
    Account Name: -
    Fully Qualified Account Name: -
    Called Station Identifier: m*************8
    Calling Station Identifier: 68.*.*.*

Is there a way to get the Cisco AnyConnect client to pass the Client Machine info into the NPS Radius when it connects to the MX?  

0 Kudos
Subscribe Reply
1 REPLY 1
JohnT
Getting noticed
‎06-04-2021 11:15 AM
‎06-04-2021 11:15 AM

Re: Restrict MX VPN access to only Domain Computers using AnyConnect and Windows NPS Radius

This could be done with the Cisco ASA and AnyConnect, but I don't believe this feature exists on the Meraki implementation.  I would also be curious if someone has found a workaround for this.  It looks like certificate authentication may be the solution for this.  

0 Kudos
Subscribe Reply
Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
© 2021 Meraki