Great Video. It answered a few questions I had about this project.
@dracocybersecurity2 жыл бұрын
Glad I could help!
@pankaj88783 жыл бұрын
Awesome Video... thank you.. one question though -- do we need to install RADIUS server in AD?
@dracocybersecurity3 жыл бұрын
In this particular setup, you don't need to install a separate radius server, the Duo Authentication Proxy will facilitate as a Radius Server. You can check out the official document that explain more on this. duo.com/docs/radius
@graciesager Жыл бұрын
@@dracocybersecurity Great video. Follow up question related to the question from the OP, since we're currently using meraki cloud authentication, once I have the proxy authentication server setup on the AD server, I could then change the authentication in Meraki to RADIUS using the proxy server's address? Thanks
@dracocybersecurity Жыл бұрын
Yes you should be able to do that. Just make sure the necessary firewall ports are open and the routing are done properly. I presume that the AD is internal so you need to take note of those nuances.
@graciesager Жыл бұрын
@@dracocybersecurity Thanks for your reply Draco. Unfortunately after following your video to the teeth, as soon as I connect my vpn and asked for my sign in, it just spins then receiving an error that "the remote connection was terminated because the remote computer did not respond in a timely matter" I already set timeout from 60 to 120 secs. It seems that it's not hitting the radius server at all. Any ideas? Thanks again
@wernerscholtz4048 Жыл бұрын
same problem here. everything tests fine but as soon as i hit connect on the vpn client, it gives the above error.@@graciesager
@mdabdulmoiz3 жыл бұрын
sorry i am new to DUO and Meraki, i have understood your configuration but one thing I want to know is when you finally tested user for Client VPN how that push notification was sent to you? do we need to configure and link the AD user we are testing from under DUO portal so that notification is sent to us?
@dracocybersecurity3 жыл бұрын
Check out this link. duo.com/docs/meraki-radius Duo they have a integration diagram that explain the flow much better than I do. What i have done is the older L2TP client. They now have the integration with AnyConnect. Which in my view is more secure. Of course L2TP is free with the system. AnyConnect I believe you need to pay for the license. Talk to your local Partner / Disti to get more support on the detail if you are interested in AnyConnect integration
@jamesjoyce70202 жыл бұрын
Not sure what I did wrong, but I configured the DUO client to my RADIUS server. The connectivity tool in DUO says “There are no configuration problems” the MX device is configure successfully to the RADIUS server, however when I connect to the VPN I am able to successfully connect without 2FA? Any ideas where to look?
@dracocybersecurity2 жыл бұрын
Hard to say but did you configure the Duo Authentication Proxy, to proxy the authentication? Seems that your vpn client is authenticating directly to the Radius instead of through the Duo Authentication proxy. The DAP configuration should be similar to how it is configure in this video, but do check what are the parameters that you need to change.
@graciesager Жыл бұрын
Have you figured this out James? I am having the same problem. Thanks
@johndorian40782 жыл бұрын
Are there any other options for MFA for meraki that you've used.
@dracocybersecurity2 жыл бұрын
I have not done any other integration with other MFA. But you should be able to integrate with other MFA.
@mdabdulmoiz3 жыл бұрын
can we have the vpn user use meraki cloud authentication (with local username pass created ) and then use the DUO? instead of AD credentials?
@dracocybersecurity3 жыл бұрын
From what I understand currently Duo is not integrated with the cloud authentication. You would need a Radius/AD/LDAP.