I recently setup our Meraki to allow users to do VPN connections from outside the office using the AnyConnect software. I have it authenticating against the AD domain controller for the connection. What I realized is that there is NO pre shared key that needs to be input on the client side in order to make the connection. I'm used to VPN connections where you have to provide the host, pre-shared key, username, and password to connect. I'm feeling a little vulnerable like a bad actor could try and use brute force to get into the vpn client. I know I could setup user lockout in AD but again, I feel like there should be that extra layer (pre-shared secret) to prevent just anyone on beating up on the system. I know I could do 2FA with Duo as well which we might implement, but for now is there a way to do a pre-shared secret instead of just allowing the connection by providing only the username and password? Maybe I'm overthinking it but again, it just seems less secure than my previous implementations of VPN where a pre-shared secret was needed.
... View more