Currently only the following authentication mechanisms are supported:
- User authentication: Active Directory, RADIUS, or Meraki hosted authentication.
- Machine authentication: Preshared keys (shared secret)
When using Meraki hosted authentication, VPN account/user name settings on client devices (PC/MAC) is the user email address entered in the Dashboard.
1. Open Start Menu -> Control Panel, click on Network and Internet, click on View network status and tasks.
2. In the Set up a connection or network pop-up window, choose Connect to a workplace (Set up a dial-up or VPN connection to your workplace).
3. Choose Use my Internet connection (VPN), in the Connect to a workspace dialog window.
4. In the Connect to a Workplace dialog box, enter:
- Internet address: Enter the public IP address (found in Dashboard, under Security appliance -> Monitor -> Appliance Status -> Uplink) for the MX appliance.
- Destination name: Optionally enter a name for the VPN connection.
Choose “Don’t connect now; just set it up so that I can connect later” option.
5. Click Next. In the next dialog window, enter the user credentials, and click Create.
6. Close the VPN connection wizard.
7. Go to Networking and Sharing Center and click Change Adapter Settings.
8. In Network Connections window, right-click on the new VPN connection settings and choose Properties.
9. In the General tab, verify that the public IP address or the URL of the MX appliance.
10. In the Options tab, make sure “Include Windows logon domain” is unchecked.
11. In the “Security” tab, choose “Layer 2 Tunneling Protocol with IPsec (L2TP/IPSec)“.
Then, check “Unencrypted password (PAP)“, and uncheck all other options.
Despite the name “Unencrypted PAP”, the client’s password is sent encrypted over an IPsec tunnel between the client device and the MX. The password is fully secure and never sent in clear text over either the WAN or the LAN.
12. Click on “Advanced settings“.
In Advanced Properties dialog box, choose “Use preshared key for authentication” and enter the same key you used for the client VPN settings in the Dashboard. Note: if you are enabling client VPN for your employees, you will need to distribute the key.
13. Click OK.
14. Back at the Network Connections window, right-click on the VPN connection and click Connect.
15. Verify your user name and click Connect.
