As a part of our continued efforts to provide technical guidance for our clients, a request was made recently as to whether or not we could provide a highly secure, multifactor authentication methodology for remote VPN users. Obviously, there are many choices available, but we found only one that had the scalability necessary to start off small and cost effective, and ultimately scale to hundreds if not thousands of users. The article below has been written to demonstrate the authentication features of the Fortinet security appliance suite, specifically their flagship product, the FortiGate firewall.

I wanted to show a real-life example of how we could provide secure multifactor VPN without having to break the bank. The example below is designed to show this configuration in the most basic sense, using only the features that come with a standard FortiGate appliance. Fortinet includes two licenses of FortiToken (Two-Factor Auth) per FortiGate as a way of allowing administrators to experience the power and simplicity of this feature. Today, we’ll be using these included ‘FortiTokens’ to set up our VPN. It’s important to note that Fortinet allows for their FortiToken functionality to scale well above and beyond what we’ll be looking at today. They even have a dedicated appliance that is specifically designed for authentication offload called the FortiAuthenticator, but we’ll get into that in another article. For now, we’ll stick with the FortiGate and a typical AD authentication setup.

- Give your RADIUS server a name (can match Windows server name for easy identifiability).
- Select Specify for Authentication method and choose MS-CHAP-v2.
- Enter the IP address of your RADIUS server under NAS IP.
- Under Primary Server enter the IP of the RADIUS server again.
- Under Secret enter the secret password you configured in RADIUS client settings.

Once the configuration settings are in place you can select the ‘Test Connectivity’ button. You should get a green response saying that connectivity is successful.

*NOTE: the ‘Test User Credentials’ button will not work, no matter how you configure your settings, as this is only designed to function with the insecure PAP security protocol. Since we have configured our system to use MS-CHAP-v2, you will always receive a failure message if you attempt to use this button. In order to complete a successful user test, we’ll need to run a command from the command line.

FortiGate# diagnose test authserver radius RADIUSSERVERNAME mschap2 username password

Below is a successful output of this command:

Once the RADIUS settings are in place and verified, we need to create a user group.

- Select ‘User Groups’ under User & Device, and select ‘Create New’.
- Give the Group a name and select ‘Firewall’ as the type.

Once the group is created, we need to create some users and add them to the group.

- Select ‘User Definition’ from beneath User & Device.
- Type in the user name you wish to use (ex. elsimpso). You do not need to include the domain prefix.
- Use the drop-down menu to select the RADIUS server we created earlier.

Here is where we can enable Two-Factor Authentication for this account. To enable it complete the following steps:

- Select the Country Code and enter the phone number for the FortiToken mobile client you wish to use.
- Use the drop-down menu to select a FortiToken to assign to this user.

At this point there should be a message stating that a code has been sent to the user’s device. The user will need to use this code to configure FortiToken Mobile so that they can then use this device for MFA. If for whatever reason this code does not appear, you can access this code via the command line.

Below is a quick guide on how to set up WPA2-Enterprise with Meraki Wireless Cloud based Solution using Microsoft Windows 2008R2 server. This will allow your Windows authenticated users to connect seamlessly to an SSID you present without them having to enter any key etc… It will negotiate trust based on certificate and AD credentials cached onto the machine transparently.

1) Set up a Windows 2008R2 server and install the NPS (Network Policy Server) role on the server.
2) Open NPS on the server. Select “Templates Management” and right-click “Shared Secret”
3) Right click and select “New Radius Shared Secret Template”
4) Give the template a name and select “manual” and a “shared secret”. Select “OK”
5) Next select “RADIUS Clients” and “new” under “RADIUS Clients and Servers”
6) Add each Meraki AP on which you will enable WPA2-Enterprise. Give it a “friendly name”, “static IP” of the AP and then “shared secret” from the template created earlier.
7) Next right-click “Connection Request Policies” and select “new” under “Policies”
8) Give it a policy name.