VPN Group Policy

brconflict
Here to help

Hello, I'm evaluating going Meraki from an ASA for perimeter security at some locations, and the only two potential hangups I'm having are:

1. Does the Client VPN configuration support dynamic Group Policy / Access based on RADIUS Group attributes (like MS250 Access Policies for switchport security)?

2. Is there any consideration by Meraki of future support for LDAP-s AUTH across the board? That's what I use heavily today for Authentication and Authorization, but it doesn't appear Meraki supports LDAP at all.

PhilipDAth
Kind of a big deal

When you set up the client VPN option using Active Directory it does use LDAPS.

https://documentation.meraki.com/MX-Z/Client_VPN/Integrating_Active_Directory_with_Client_VPN

I don't think you can apply dynamic group policy to users VPNing in.

I have never attempted it - but you may be able to do something for users that have an MDM agent installed onto their machine, and using a dynamic tag to assign policy.

brconflict
Here to help

Thanks for the response. Unfortunately, by our customer security requirements, we can't use AD. We're a total Linux, MacOS shop. We use FreeIPA. We use Aruba WiFi since it supports PMKID and LDAP-s, but Meraki WiFi had not at the time (maybe still doesn't).

I'll keep digging. Surely Meraki has some answer to this outside Windows. Thanks again!!

PhilipDAth
Kind of a big deal

When it says "AD" it is really LDAPs. I don't see why you couldn't point it at any LDAPs server.
