Meraki AnyConnect VPN

Capabilities overview

We can integrate Meraki MX with idemeum Cloud Radius infrastructure. When users connect to the company AnyConnect VPN, they can log in with Passwordless MFA instead of typing a username and password.

In this integration guide, we will be setting up idemeum Cloud Radius and connecting it with Meraki deployment. You can learn more about idemeum Cloud Radius service here.

Set up idemeum integration

Create Meraki AnyConnect application

  • Navigate to idemeum admin portal
  • Access Applications and then search for Meraki AnyConnect Radius application
  • Click Add app
  • Enter the following information:
    • Client IP - this is the IP address from which Radius requests will be originating. Typically this is the external IP address of your WAN interface.
    • Advance Options - only applicable when you have multiple Radius applications configured for the same network. The public IP address for these Radius applications will be the same. Hence to differentiate between requests, you need to specify NAS IP addresses for each client.
💡
The shared secret is generated post saving the application. Click Edit of Meraki AnyConnect Radius app in the My applications tab to copy the Shared secret. You will later use it in the Meraki configuration. This secret allows your Meraki wireless gateway to authenticate using idemeum Cloud Radius infrastructure.
  • Click Save to save the Meraki AnyConnect Radius application

Entitle the Meraki AnyConnect application

Before users can access applications you need to make sure you entitle applications to them. In idemeum admin portal navigate to the Entitlements section to assign applications to your employees.

Set up Meraki integration

  • Navigate to your Meraki Admin Dashboard
  • Choose Security & SD-WAN -> Client VPN
  • Choose AnyConnect Settings
  • Scroll down to Authentication and Access
  • Choose Authentication -> Radius
  • Click Add a RADIUS server
Now you will need to use idemeum Cloud Radius IP address that you can check here.

idemeum Cloud Radius IP addresses
  • Enter the IP address of the idemeum Radius server into Host field
  • Port is 1812
  • Enter Secret that you generated when configuring the Meraki application in idemeum. (Click Edit of Meraki AnyConnect Radius app in the My applications tab to copy the Shared secret)
  • Click Save to apply configuration

User experience

Users will able to connect in the following way:

  1. Connect to the company VPN network
  2. The user will be prompted for a username and password. The user will type the email address and leave the password blank
  3. Users will receive an idemeum push notification to a mobile device.
  4. Once approved with biometrics user will be connected to the network.