Meraki

Community

Anyconnect Certificate Authentication on Meraki Firewall running MX 16.9 beta

Solved
KayiAlp
Conversationalist
‎Aug 30 2021 11:49 AM
‎Aug 30 2021 11:49 AM

Anyconnect Certificate Authentication on Meraki Firewall running MX 16.9 beta

Our Meraki firewall runs MX 16.9 beta version. We have configured Anyconnect as our client VPN. We want to enable certificate authentication on Anyconnect and want to use machine-based certificates.

 

I created an enterprise CA and deployed machine-based (computer) certificates to test machines. I exported the certificate and uploaded it under Certificate Authentication but it is still unable to authenticate when trying to connect to the VPN on test machines. I have also updated the profile by checking Certificate Store Override and configuring key usage and extended key usage in certificate matching.

 

Has anyone tried configuring certificate authentication for Anyconnect? If so, how did you make it work? Please advise, Meraki Support was not able to provide much information.

Labels:
0 Kudos
1 Accepted Solution
cmr
Kind of a big deal
Kind of a big deal
‎Aug 30 2021 2:35 PM
‎Aug 30 2021 2:35 PM

@KayiAlp you need to upgrade to 16.11, that feature is broken in 16.8 and 16.10

If my answer solves your problem please click Accept as Solution so others can benefit from it.

View solution in original post

3 Replies 3
cmr
Kind of a big deal
Kind of a big deal
‎Aug 30 2021 2:35 PM
‎Aug 30 2021 2:35 PM

@KayiAlp you need to upgrade to 16.11, that feature is broken in 16.8 and 16.10

If my answer solves your problem please click Accept as Solution so others can benefit from it.
In response to cmr
KayiAlp
Conversationalist
‎Sep 5 2021 11:56 AM
‎Sep 5 2021 11:56 AM

@cmr  that worked, thank you! Appreciate the help!

Dudleydogg
A model citizen
‎Nov 24 2021 6:12 AM
‎Nov 24 2021 6:12 AM

So does Certificate Authentication work, because I see a note in the config that says it will use Certificate before STILL asking for user Credentials?  

0 Kudos
Back to the top
Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco ID. If you don't yet have a Cisco ID, you can sign up.
Labels
© 2025 Cisco Systems, Inc.