Anyconnect Certificate Authentication on Meraki Firewall running MX 16.9 beta

Solved
KayiAlp
Conversationalist

Anyconnect Certificate Authentication on Meraki Firewall running MX 16.9 beta

Our Meraki firewall runs MX 16.9 beta version. We have configured Anyconnect as our client VPN. We want to enable certificate authentication on Anyconnect and want to use machine-based certificates.

 

I created an enterprise CA and deployed machine-based (computer) certificates to test machines. I exported the certificate and uploaded it under Certificate Authentication but it is still unable to authenticate when trying to connect to the VPN on test machines. I have also updated the profile by checking Certificate Store Override and configuring key usage and extended key usage in certificate matching.

 

Has anyone tried configuring certificate authentication for Anyconnect? If so, how did you make it work? Please advise, Meraki Support was not able to provide much information.

1 Accepted Solution
cmr
Kind of a big deal
Kind of a big deal

@KayiAlp you need to upgrade to 16.11, that feature is broken in 16.8 and 16.10

If my answer solves your problem please click Accept as Solution so others can benefit from it.

View solution in original post

3 Replies 3
cmr
Kind of a big deal
Kind of a big deal

@KayiAlp you need to upgrade to 16.11, that feature is broken in 16.8 and 16.10

If my answer solves your problem please click Accept as Solution so others can benefit from it.
KayiAlp
Conversationalist

@cmr  that worked, thank you! Appreciate the help!

Dudleydogg
A model citizen

So does Certificate Authentication work, because I see a note in the config that says it will use Certificate before STILL asking for user Credentials?  

Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels