VPN Authentication - OSX

FCFC
Here to help


Hi all

 

Bit of an odd one I've come across.

 

Multiple Mac users who were previously able to connect and authenticate a VPN connection are now unable to do so. All users are required to go via a DUO server and authenticate against our DC. The issue has only just started to happen. Strangely, if a user logs into the domain via a PC, they are then able to connect their VPN on Mac via DUO.

Clearly this is impractical given most of the VPN users are remote and in varying locations.

 

I'm just wondering whether anyone has seen this behaviour before.

 

I have been setting up Mac users and VPNs for several years now and never come across anything like this.

 

All advice greatly appreciated  

Mloraditch
Kind of a big deal

What client? Secure Client or built in? What do the logs say is happening? This sounds more like some sort of account setup issue where maybe something isn't happening until the log into the PC, but need more detail if we are to help.

If you found this post helpful, please give it Kudos. If my answer solves your problem please click Accept as Solution so others can benefit from it.
FCFC
Here to help

Hi

 

Thanks for getting back.

 

Users are working on Mac OSX, using the built in VPN service, L2TP IPSec.

There are no logs on the Meraki to look at as we don't even get that far.

 

It's worth noting that all users have been able to connect and authenticate on every occasion up until today.

 

I agree re the logging into the PC, but why? I've never come across anything like that before. I'm pretty sure something must have changed but I'm at a loss as to what it might be.

Mloraditch
Kind of a big deal

How do you mean you don't get that far? Has support indicated they don't even see the attempt? If so you have some sort of client side issue.

alemabrahao
Kind of a big deal

I suggest you use a secure client.

I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.
FCFC
Here to help

I'm not sure I know what you mean.

 

What's more secure than using MFA against a domain controller?

alemabrahao
Kind of a big deal

I'm suggesting you use AnyConnect instead of the L2TP client.

 

https://documentation.meraki.com/MX/Client_VPN/AnyConnect_on_the_MX_Appliance

 

It's much better.

FCFC
Here to help

Got it, that is a definite consideration going forward, as for now I need to figure out this issue.

 

Appreciate you getting back to me

 

 

alemabrahao
Kind of a big deal

This is interesting information.

 

https://duo.com/docs/macos?utm

PhilipDAth
Kind of a big deal

Have there been any recently applied Meraki MX firmware upgrades?


 

Have there been any recent Apple updates applied to your machines?

 

What is actually happening? Do users get a username/password prompt? Do you get a Duo push? What does the Duo authentication log say in the Duo portal?

Where does it go wrong in the process? Are you getting any error message?
