Bring your own device (BYOD) and remote work have been steadily gaining popularity among enterprises as they realize the cost and productivity benefits. And in the current situation, organizations have been, in a span of a few days, forced to operationalize a fully remote workforce without the typical time and planning required for resources such as VPN capacity and managed devices.
Client VPN: Allow remote users to securely access files and services on the network through an encrypted tunnel over the Internet.
- When using Meraki hosted authentication, VPN account/user name setting on client devices (e.g., PC or Mac) is the user email address entered in the Dashboard. The instructions below are tested on Mac OS 10.7.3 (Lion).
- You can follow Duo's Meraki Client VPN documentation as well as Cisco's documentation on configuring RADIUS authentication with WPA2-Enterprise for Cisco Meraki MR access points. For Meraki Access Points, you will need to have a downstream RADIUS server, such as NPS or FreeRADIUS, to point the Duo Authentication Proxy towards.
- Background - Client using Meraki Client VPN with DUO, works fine. Client wants to add a new VLAN/Subnet then all of a sudden DUO stops authentication with the new Subnet 'IN VPN'. If you don't add the new VLAN/Subnet into the VPN it works fine.
- The MX line has only had minor revisions. The Meraki VPN supports only the integrated client in Windows. 2FA for VPN requires adding on DUO. FG allows you to get a lot more granular with firewall rules than MX. The Meraki dashboard is wonderful for smaller environments, particularly under 500 end points. The AutoVPN is great.
To keep employees productive in this new reality, enterprises are enabling direct internet access to cloud applications, reserving network connectivity for on-premises applications and embracing unmanaged devices for work. And IT administrators would benefit from simplified networking and secure access solutions that are quick to deploy and easy to manage from any location.
Born Out of the Same Necessity
Traditional on-premises solutions for IT networking and security are often regarded as cumbersome, typically involving lengthy deployment schedules and administrative overhead. Thankfully, technological advances leading to cloud-based solutions over the past decade have significantly changed that. A cloud-first approach has enabled Cisco’s Meraki and Duo Security to deliver on ease of deployment, simplified management and intuitive user experience through solutions that revolutionized their respective market segments.
Cisco Meraki is the industry leader in cloud-managed IT and creates the simplest, most powerful solutions, helping everyone from small businesses to global enterprises save time and money. Duo, now also part of Cisco, provides an easy to use cloud-based security platform that protects access to all applications, for any user and device, from anywhere. By deploying Duo and Meraki, organizations can reap the benefits of a natively integrated solution that provides comprehensive visibility and secure connectivity both on and off the network.
Establish Device Trust With Meraki Systems Manager
Meraki Systems Manager (SM) is Cisco’s endpoint management solution that provides support, security, and control for end devices. Systems Manager natively integrates with the Meraki product portfolio and allows customers to remotely provision, monitor, and secure devices through the Meraki dashboard.
Duo’s Device Trust helps organizations gain visibility into any device that accesses Duo-protected applications and enforce access controls based on device context, such as whether the device is managed or unmanaged (BYOD and contractor devices) and the health of the device.
Duo and Meraki make it easy to enable access only from trusted and compliant corporate managed devices while blocking access from unmanaged devices. With the integrated solution, organizations can secure access to critical on-prem or cloud applications from any location or network by allowing access only to devices enrolled in Meraki Systems Manager.
Consider the use case the IT security team at Griffin Capital LLC, an investment and asset management company, is looking to solve. The IT team uses Meraki Systems Manager to manage mobile devices and was looking to augment its security controls to block access to corporate resources from untrusted devices.
'We have started to roll out Duo's Device Trust capabilities across the fleet of devices our team manages here at Griffin. As we increasingly rely upon Meraki's Systems Manager solution for device management, we were happy to evaluate Duo's new integration with Systems Manager for Trusted Endpoints. Our initial evaluation has been successful and we are planning to extend it to cover the growing number of devices we now manage using Systems Manager.' - Alex Moratorio, Senior Vice President of IT, Griffin Capital Company, LLC.
Compliant Secure Remote Access
By deploying Duo with Meraki security appliances, organizations can secure VPN access while meeting compliance requirements such as PCI-DSS and HIPAA. Duo integrates with Meraki VPN to add a layer of access security with adaptive multi-factor authentication (MFA) to prevent the use of stolen credentials and protect all VPN logins.
Protect Access to Meraki Cloud Dashboard
One of Meraki’s key value propositions is that network administrators can access the Meraki dashboard, the centralized cloud management platform used to manage and monitor all Meraki devices and services, from any location. Duo helps organizations protect administrator access to the Meraki dashboard by preventing unauthorized access and use of stolen credentials. Duo’s MFA easily integrates with Meraki Dashboard logins, delivering an intuitive access experience that users expect from Duo and Meraki.
In Conclusion
Duo with Meraki makes it easy for organizations to deploy and manage their IT networks, and enable secure access only from verified users and compliant devices. IT and security teams can consolidate their access policies in one central location – Duo – and apply them consistently across any application and any device. This helps security professionals to achieve their ultimate goal: reducing risk while providing seamless access for the workforce.
Recovering Access to Accounts Protected by Two-Factor Authentication
Two Factor Authentication (TFA) is an important security mechanism, and cannot be disabled by Cisco Meraki without positively identifying the account owner. There are two methods available to ensure access is not lost: a backup phone number (with SMS auth), and a list of one-time codes (with Google Authenticator).
The two methods above are the primary options for disabling or temporarily bypassing two-factor authentication. If these methods cannot be utilized for any reason, the only alternative is to provide proof of identity after contacting Cisco Meraki Technical Support. There are two methods to request removal of SMS and Google Authentication for TFA.
Please note that 2FA removal requests cannot be resolved via our support phone lines. For security purposes, 2FA disablement must be requested and processed through a Meraki case opened from the admin email address that needs assistance. See the steps on recovering access below.
Method 1:
- Open a case by emailing licensing@meraki.com.
- This email must be sent from the email address of the account TFA is to be disabled on.
- It must include the full name of the organization that the account resides in.
- A second organization administrator must comment on the case through Dashboard granting approval to disable TFA on the account.
- Email or phone approval is not acceptable for this. The approval must come as a comment on the case.
- This permission can be granted only by an organization administrator with Full access.
Method 2:
Alternatively, if a second organization administrator with full access does not exist or is otherwise unavailable:
- Open a case by emailing licensing@meraki.com.
- This email must be sent from the email address of the account TFA is to be disabled on.
- Once in communication with a Cisco Meraki Support Specialist, explain that TFA needs to be disabled for the account and provide the requested documentation.
- The Support Operations Specialist will request more information about the organization and its contents and settings to verify the validity of the request.
- Once this step has been completed, a Cisco Meraki Support Specialist will provide you a document which must be signed, notarized, and mailed to Cisco Meraki Headquarters (address found below).
- When this is received by support, it will then be scanned and attached to the case before TFA is disabled.
- It is strongly recommended to send this letter with tracking, in case of postal issues.
- Unless otherwise specified by the Support Ops Team, use the following address format:
Cisco Meraki - Support Operations
500 Terry A Francois Blvd
4th Floor, C/O [SUPPORT OPS SPECIALIST'S NAME]
San Francisco, CA 94158