Home > Security Appliances > Client VPN > Using Two-Factor Auth with Client VPN

Using Two-Factor Auth with Client VPN

Table of contents

Cisco Meraki Client VPN incorporates several methods for authenticating users before they are allowed onto the network. For admins who want to incorporate an additional level of security, client VPN also allows for the use of third-party two-factor auth solutions, requiring users to go through a second authorization step.

Client VPN does not natively support two-factor auth, a third-party solution is required for this configuration. As such, please refer to your two-factor auth solution's documentation for additional information and troubleshooting.

 

Two-factor auth can be incorporated in one of two ways:

  • Included as part of the authentication. Users are prompted for a username and password as normal, but must provide additional information as required by the third-party solution (appending a key to the password, for example).
  • A push notification, where an agent on a RADIUS server holds an accept message until the user pushes an "accept" button or equivalent on their side. By default on the Meraki platform, the RADIUS session will time out after a short period of time. This may be too short a time span for some solutions, please contact Meraki Support if you need this timeframe extended.

Both of the above methods are compliant under the PCI DSS 3.0 standard, as two-factor security for remote access.

Client VPN does not support the use of xauth, two-factor auth solutions that use xauth are not supported.

Additional Resources

For reference, the following sites outline examples of two-factor auth that may be used with client VPN:

You must to post a comment.
Last modified
10:50, 5 May 2016

Tags

Classifications

This page has no classifications.

Explore Meraki

You can find out more about Cisco Meraki on our main site, including information on products, contacting sales and finding a vendor.

Explore Meraki

Contact Support

Most questions can be answered by reviewing our documentation, but if you need more help, Cisco Meraki Support is ready to work with you.

Open a Case

Ask the Community

In the Meraki Community, you can keep track of the latest announcements, find answers provided by fellow Meraki users and ask questions of your own.

Visit the Community