What VPN Clients are Meraki users using

mike318
Getting noticed

What VPN Clients are Meraki users using

I do not think Meraki has its own VPN client like AnyConnect etc, what are most Meraki customers using? 

8 REPLIES 8
COG-IT
Conversationalist

Currently we use the built in Windows Client VPN and it works HOWEVER would love for Meraki to integrate Cisco Anyconnect into their MX (along with many customers I'm sure).  

 

https://documentation.meraki.com/MX-Z/Client_VPN/Client_VPN_OS_Configuration

 

 

mike318
Getting noticed

how do you roll it out to everyone?

I we use VRRP so our VIP has a DNS name and I provided our users with directions. 

We tied our AD to the VPN so all the users already know the login name and password.

 

Out of 50 users only 5 couldn't follow directions. You can also automate it via a GPO or Powershell

 

Something like the below:

$ServerAddress = "vpn.domain.com"
$ConnectionName = "Corp VPN"
$PresharedKey = "MakeALongKey"
Add-VpnConnection -Name "$ConnectionName" -ServerAddress "$ServerAddress" -TunnelType L2tp -AllUserConnection -L2tpPsk "$PresharedKey" -AuthenticationMethod Pap -Force

 

The one thing to keep in mind about using AD for VPN Authentication is that there is no restriction or way to restrict who has a VPN account. So if you have a user called breakroom with password breakroompassword that is instantly a VPN account.

 

To avert this you might want to look into some Group Filters with AD. Like here. This is technically intended for Wifi but can be used to filter groups accordingly. You can also use the Meraki Cloud as the login method if you do not mind VPN users having a 2nd username/password just for VPN. 

 

I personally hope that Meraki makes the VPN similar to the ASA as that is by far the best VPN I've used in 14 years. I know that Meraki is working on it. I ask all the time. 

What OS are you using, just Windows 10?

We are still running Windows 7 so this powershell command unfortunately is available.

MRCUR
Kind of a big deal

We use the native OS VPN clients on Windows & Mac. We will potentially deploy AnyConnect when support is added, but honestly we don't have any major problems on either platform. 

 

We use a PowerShell script on Windows to create the connection for users who need it. We also use RADIUS for client VPN auth so the issues @NetworkingGuy mentioned aren't a problem for us. If you're not in a specific AD security group, you don't get VPN access. 

MRCUR | CMNO #12

@MRCUR

 

Interesting. I think that the ASA does something similar and I ended up using an NPS server to get the ASA VPN going. Did you do something similar or are you talking about some FreeRADIUS?

 

I now feel like a fool for not thinking more about Radius as a method for authentication here. I'll be messing around with this more tomorrow for sure as I need a more streamlined way than what I'm doing now. =P And, NPS is much better. 

MRCUR
Kind of a big deal

@NetworkingGuy We're using NPS for VPN & WiFi auth. Works really well. 

MRCUR | CMNO #12

@MRCUR

 

Thanks. I'll be testing this out now for sure. Regular AD is not so nice.

Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels