cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

VPN Group Policy

Highlighted
Comes here often

VPN Group Policy

Hello, I'm evaluating going Meraki from an ASA for perimeter security at some locations, and the only two potential hangups I'm having are:

1. Does the Client VPN configuration support dynamic Group Policy / Access based on RADIUS Group attributes (like MS250 Access Policies for switchport security)?

2. Is there any consideration by Meraki of future support for LDAP-s AUTH across the board? That's what I use heavily today for Authentication and Authorization, but it doesn't appear Meraki supports LDAP at all.

3 REPLIES 3
Kind of a big deal

Re: VPN Group Policy

When you setup the client VPN option using Active Directory it does use LDAPS.

https://documentation.meraki.com/MX-Z/Client_VPN/Integrating_Active_Directory_with_Client_VPN

 

I don't think you can apply dynamic group policy to users VPNing in.

 

I have never attempted it - but you may be able to do something for users that have an MDM agent installed onto their machine, and using a dynamic tag to assign policy.

Comes here often

Re: VPN Group Policy

Thanks for the response. Unfortunately, by our customer security requirements, we can't use AD. We're a total Linux, MacOS shop. We use FreeIPA. We use Aruba WiFi since it supports PMKID and LDAP-s, but Meraki WiFi had not at the time (maybe still doesn't).

I'll keep digging. Surely Meraki has some answer to this outside Windows. Thanks again!!

Kind of a big deal

Re: VPN Group Policy

When it says "AD" it is really LDAPs.  I don't see why you couldn't point it at any LDAPs server.

Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.