We use a Meraki MX64 for client VPN access. We are looking to implement 2 Factor Authentication. I understand it is not supported natively and requires a 3rd party 2FA solution. Has anyone done this and care to share how you went about it? We have less than 30 VPN users.
@Cisco_Meraki_1
3 Spice ups
bsvec
(Brandon Svec)
2
I haven’t personally, but recalled someone who did over here: Reddit - Dive into anything
I’d take a look at Duo, it’s cheap and should be simple for you and more importantly it’s very simple for end users.
1 Spice up
I second Duo. I use it for a 250 person company and it works great. Very easy to manage/implement, won’t have to spend IT resource educating users on how to use another solution.
1 Spice up
Thanks. Duo looks promising.
johndoe96
(johndoe96)
6
Duo is great for adding 2-factor, but also consider if your organization is going to need SSO and the ability to do intelligent MFA. Duo doesn’t do SSO to my knowledge, but a product like SecureAuth can do both. Better to find 1 solution that can do it all (if you want SSO), and go with it.
gregmills2
(gregmills2)
7
Does anyone know if there is a way of using Google’s 2FA, that we already use for Gmail, with Meraki? It would be great if we didn’t have to deploy yet another solution to confuse and annoy staff.
1 Spice up
gregmills2
(gregmills2)
8
Meraki have confirmed that Google’s 2FA can’t be used directly, but I’m now wondering if we can use it with a third party 2FA solution? In much the same way that sites often allow you to authenticate using Facebook, maybe Duo or similar will allow us to use Google as the authentication source?
1 Spice up
So we’re revisiting this as a project, but the criteria have changed. What we’re now looking for is a cloud based VPN gateway, that will use Google’s 2FA and work with our Meraki kit. We currently have four sites in the UK all with their own VPN gateways. We want to consolidate these into one gateway that is in the cloud and not therefore vulnerable to site specific threats. All the servers are at one site, and all the DR at another. In a DR situation, we would like the solution to be able to route traffic to the DR site in the event that we have failed over.
I will have another chat with the Duo guys, but thought I’d check back here too.
Any thoughts or suggestions?
bsvec
(Brandon Svec)
10
Sorry if this is not helpful, but I have a passing interest in this and found: https://saaspass.com/totp/cisco-meraki-google-authenticator-two-step-verification-2-one-time-password.html
It seems like a 3rd party 2FA app/service that can work with Meraki and Google 2FA. I agree that at this time I don’t think you can use Google Authenticator directly for client VPN (although you can for dashboard login).