The Client VPN uses PAP as the authentication method. PAP authentication is always transmitted inside an IPsec tunnel between the client device and the MX security appliance using strong encryption. User credentials are never transmitted in clear text over the WAN or the LAN. An attacker sniffing on the network will never see user credentials because PAP is the inner-authentication mechanism used inside the encrypted IPsec tunnel.
This article outlines the configuration steps necessary to configure Client VPN and establish a connection from a Linux-based client, using Ubuntu as an example. Note: This article details specific configuration steps for Ubuntu Linux. Depending on the Linux distribution used by the client, these particular steps may not apply. For other distributions, it is recommended to use this article as a baseline, and refer to OS-specific documentation on L2TP over IPsec for details.
Cisco Meraki Client VPN can be configured to use a RADIUS server to authenticate remote users against an existing userbase. This article outlines the configuration requirements for RADIUS-authenticated Client VPN, as well as example RADIUS configuration steps using Microsoft NPS on Windows Server 2008.
Cisco Meraki Client VPN establishes full-tunnel connections by default. A full-tunnel connection directs all client traffic through the VPN to the configured MX concentrator, where it is subject to any content filtering, firewall or traffic shaping rules in place. For remote teleworkers whose traffic should not be restricted in the same manner, clients can be configured to use a split-tunnel connection to direct traffic through the VPN only if necessary.
The Cisco Meraki MX Security Appliance supports Active Directory authentication with Client VPN and group-based content filtering. This feature allows an administrator to configure user authentication against an Active Directory Domain Controller.
When using Meraki Authentication for Client VPN authentication or SSID Association requirements, a network administrator can easily create and edit user accounts from Dashboard. Organization administrators can also delete existing user accounts. This article details the necessary steps to create, edit or delete users for network access.
Cisco Meraki product lines offer various types of VPN options for small office and/or remote deployments. Each option is recommended for a different type of scenario, ranging from a single client, to several wired and wireless clients. If you have a complex requirement not covered below, please contact your Cisco Meraki account executive to discuss what would be the best fit for your particular needs.
Sentry VPN Security is a feature which allows automatic creation and deployment of Client VPN settings to supported devices. Systems Manager Sentry VPN Security can be enabled on your MX Security Appliance network's Client VPN configuration under Security appliance > Configure > Client VPN > Systems Manager Sentry VPN security, and configured by selecting the appropriate tag scoping for your SM devices:
Cisco Meraki Client VPN incorporates several methods for authenticating users before they are allowed onto the network. For admins who want to incorporate an additional level of security, Client VPN also supports the use of third-party two-factor authentication solutions, requiring users to go through a second authentication step.