We are working on Securing our VPN clients that connect to MX Devices. We are looking to Force 2FA on Clients outside of the US. We are using Okta Radius Agents to authenticate against and have authentication working along with 2FA working. But the Meraki Cloud makes the authentication request to our Okta Radius Servers through the MX Gateway on behalf of the user. The Meraki Cloud does not include any IP information from the actual VPN Request in a Radius attribute field. They only have their Clould IP in the Radius Request. Without Meraki Providing the IP that the request is coming from our Okta Radius Server can not tell where in the world (Literally) the VPN request is actually coming from. In the logs and packet captures all request come from the same Meraki Cloud IP. I opened a Support Ticket and they said my best option is submit a feature request and hope in the future it can change.
... View more