Windows 10 Always On VPN and Meraki MX84 Client VPN

CarlosAU
New here

A client wants to configure Always-On VPN connectivity on their Windows 10 fleet, connecting through Client VPN on an MX84 to an internal RADIUS server. While it is easy to create an L2TP/PAP connection and have it use the Meraki Client VPN authentication, it appears that configuring Always-On in Windows 10 cannot use L2TP/PAP. Has anyone come across this limitation? It looks as though we may need to forgo the Meraki Client VPN altogether.

Uberseehandel
Kind of a big deal


@CarlosAU wrote:

A client wants to configure Always-On VPN connectivity on their Windows 10 fleet, connecting through Client VPN on an MX84 to an internal RADIUS server. While it is easy to create an L2TP/PAP connection and have it use the Meraki Client VPN authentication, it appears that configuring Always-On in Windows 10 cannot use L2TP/PAP. Has anyone come across this limitation? It looks as though we may need to forgo the Meraki Client VPN altogether.


Always-On requires IKEv2. Unfortunately, this is an outstanding feature request, still not fulfilled.

However, all is not lost. Have you considered using strongSwan?

Robin St.Clair | Principal, Caithness Analytics | @uberseehandel
LV_MW_MSP
Getting noticed

Can you create a logon script, or leverage an RMM tool to automatically keep executing a script that does this?

If you have the correct version of Windows 10, you could leverage Microsoft DirectAccess servers. This will make it so that anytime your Windows 10 fleet has internet, it automatically VPN connects back to your internal domain and systems.

DHAnderson
Head in the Cloud

DirectAccess has many benefits over a traditional VPN. First, the connectivity is over HTTPS, so it is not blocked at places that block other VPNs (some public libraries and free WiFi spots). Second, the remote client is visible from the LAN, meaning WSUS can still update while the client is in the field, and tools such as Remote Desktop can run from the LAN to the remote client.

Unfortunately, Microsoft keeps all this goodness limited to Windows 10 Enterprise clients.

Dave Anderson