cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

What VPN Clients are Meraki users using

Getting noticed

What VPN Clients are Meraki users using

I do not think Meraki has its own VPN client like AnyConnect etc, what are most Meraki customers using? 

8 REPLIES 8
Conversationalist

Re: What VPN Clients are Meraki users using

Currently we use the built in Windows Client VPN and it works HOWEVER would love for Meraki to integrate Cisco Anyconnect into their MX (along with many customers I'm sure).  

 

https://documentation.meraki.com/MX-Z/Client_VPN/Client_VPN_OS_Configuration

 

 

Getting noticed

Re: What VPN Clients are Meraki users using

how do you roll it out to everyone?
Here to help

Re: What VPN Clients are Meraki users using

I we use VRRP so our VIP has a DNS name and I provided our users with directions. 

We tied our AD to the VPN so all the users already know the login name and password.

 

Out of 50 users only 5 couldn't follow directions. You can also automate it via a GPO or Powershell

 

Something like the below:

$ServerAddress = "vpn.domain.com"
$ConnectionName = "Corp VPN"
$PresharedKey = "MakeALongKey"
Add-VpnConnection -Name "$ConnectionName" -ServerAddress "$ServerAddress" -TunnelType L2tp -AllUserConnection -L2tpPsk "$PresharedKey" -AuthenticationMethod Pap -Force

 

The one thing to keep in mind about using AD for VPN Authentication is that there is no restriction or way to restrict who has a VPN account. So if you have a user called breakroom with password breakroompassword that is instantly a VPN account.

 

To avert this you might want to look into some Group Filters with AD. Like here. This is technically intended for Wifi but can be used to filter groups accordingly. You can also use the Meraki Cloud as the login method if you do not mind VPN users having a 2nd username/password just for VPN. 

 

I personally hope that Meraki makes the VPN similar to the ASA as that is by far the best VPN I've used in 14 years. I know that Meraki is working on it. I ask all the time. 

Here to help

Re: What VPN Clients are Meraki users using

What OS are you using, just Windows 10?

We are still running Windows 7 so this powershell command unfortunately is available.

Kind of a big deal

Re: What VPN Clients are Meraki users using

We use the native OS VPN clients on Windows & Mac. We will potentially deploy AnyConnect when support is added, but honestly we don't have any major problems on either platform. 

 

We use a PowerShell script on Windows to create the connection for users who need it. We also use RADIUS for client VPN auth so the issues @NetworkingGuy mentioned aren't a problem for us. If you're not in a specific AD security group, you don't get VPN access. 

MRCUR | CMNO #12
Here to help

Re: What VPN Clients are Meraki users using

@MRCUR

 

Interesting. I think that the ASA does something similar and I ended up using an NPS server to get the ASA VPN going. Did you do something similar or are you talking about some FreeRADIUS?

 

I now feel like a fool for not thinking more about Radius as a method for authentication here. I'll be messing around with this more tomorrow for sure as I need a more streamlined way than what I'm doing now. =P And, NPS is much better. 

Kind of a big deal

Re: What VPN Clients are Meraki users using

@NetworkingGuy We're using NPS for VPN & WiFi auth. Works really well. 

MRCUR | CMNO #12
Here to help

Re: What VPN Clients are Meraki users using

@MRCUR

 

Thanks. I'll be testing this out now for sure. Regular AD is not so nice.

Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.