Meraki MX Client VPN and DUO MFA Integration and Demo

Рет қаралды 6,187

DracoCyberSecurity

Күн бұрын

Пікірлер: 17

@tricormetals8199 2 жыл бұрын

Great Video. It answered a few questions I had about this project.

@dracocybersecurity 2 жыл бұрын

Glad I could help!

@pankaj8878 3 жыл бұрын

Awesome Video... thank you.. one question though -- do we need to install RADIUS server in AD?

@dracocybersecurity 3 жыл бұрын

In this particular setup, you don't need to install a separate radius server, the Duo Authentication Proxy will facilitate as a Radius Server. You can check out the official document that explain more on this. duo.com/docs/radius

@graciesager Жыл бұрын

@@dracocybersecurity Great video. Follow up question related to the question from the OP, since we're currently using meraki cloud authentication, once I have the proxy authentication server setup on the AD server, I could then change the authentication in Meraki to RADIUS using the proxy server's address? Thanks

@dracocybersecurity Жыл бұрын

Yes you should be able to do that. Just make sure the necessary firewall ports are open and the routing are done properly. I presume that the AD is internal so you need to take note of those nuances.

@graciesager Жыл бұрын

@@dracocybersecurity Thanks for your reply Draco. Unfortunately after following your video to the teeth, as soon as I connect my vpn and asked for my sign in, it just spins then receiving an error that "the remote connection was terminated because the remote computer did not respond in a timely matter" I already set timeout from 60 to 120 secs. It seems that it's not hitting the radius server at all. Any ideas? Thanks again

@wernerscholtz4048 Жыл бұрын

same problem here. everything tests fine but as soon as i hit connect on the vpn client, it gives the above error.@@graciesager

@mdabdulmoiz 3 жыл бұрын

sorry i am new to DUO and Meraki, i have understood your configuration but one thing I want to know is when you finally tested user for Client VPN how that push notification was sent to you? do we need to configure and link the AD user we are testing from under DUO portal so that notification is sent to us?

@dracocybersecurity 3 жыл бұрын

Check out this link. duo.com/docs/meraki-radius Duo they have a integration diagram that explain the flow much better than I do. What i have done is the older L2TP client. They now have the integration with AnyConnect. Which in my view is more secure. Of course L2TP is free with the system. AnyConnect I believe you need to pay for the license. Talk to your local Partner / Disti to get more support on the detail if you are interested in AnyConnect integration

@jamesjoyce7020 2 жыл бұрын

Not sure what I did wrong, but I configured the DUO client to my RADIUS server. The connectivity tool in DUO says “There are no configuration problems” the MX device is configure successfully to the RADIUS server, however when I connect to the VPN I am able to successfully connect without 2FA? Any ideas where to look?

@dracocybersecurity 2 жыл бұрын

Hard to say but did you configure the Duo Authentication Proxy, to proxy the authentication? Seems that your vpn client is authenticating directly to the Radius instead of through the Duo Authentication proxy. The DAP configuration should be similar to how it is configure in this video, but do check what are the parameters that you need to change.

@graciesager Жыл бұрын

Have you figured this out James? I am having the same problem. Thanks