Sei sulla pagina 1di 27

5/30/2016

ClientVPNOSConfigurationCiscoMeraki

Signin
ForgotPassword
Signin

ContactSales

Support

Login

SearchDocumentation
Home>SecurityAppliances>ClientVPN>ClientVPNOSConfiguration

Client VPN OS Con guration

ThisarticleoutlinesinstructionstoconfigureaclientVPNconnectiononcommonlyusedoperatingsystems.FormoreinformationaboutclientVPN,pleaserefertoour
documentation.

Android
ToconfigureanAndroiddevicetoconnecttotheClientVPN,followthesesteps:
NavigatetoSettings>Wireless&Networks>VPN
ClickthePlusIcontoaddanadditionalVPNprofile

EnteraVPNNamefortheconnection.
FortheTypedropdownselectL2TP/IPSECPSKVPN
EnterthepublicIPoftheMXdeviceunderServeraddress.
EnterthepresharedkeyunderIPSecpresharedkey.

Savetheconfiguration.
Youwillbepromptedforcredentialswhenyouconnect.

https://documentation.meraki.com/MXZ/Client_VPN/Client_VPN_OS_Configuration

1/27

5/30/2016

ClientVPNOSConfigurationCiscoMeraki

Chrome OS
ChromeOSbaseddevicescanbeconfiguredtoconnecttotheClientVPNfeatureonMXSecurityAppliances.ThisallowsremoteuserstosecurelyconnecttotheLAN.
ThisarticlewillcoverhowtoconfiguretheVPNconnectiononaChromeOSdevice.FormoreinformationonhowtosetuptheClientVPNfeatureoftheMXorhowto
connectfromotheroperatingsystems,pleasevisittheMXdocumentation.

1.Ifyouhaven'talready,signintoyourChromebook.
2.Clickthestatusareaatthebottomofyourscreen,whereyouraccountpictureislocated.
3.SelectSettings.
4.Inthe"Internetconnection"section,clickAddconnection.
5.SelectAddprivatenetwork.
6.Intheboxthatappears,fillintheinformationbelow:
a.Serverhostname:TheDNSnameorIPaddressoftheMXtowhichtheclientshouldbeconnecting.
b.Servicename:Thiscanbeanythingyouwanttonamethisconnection,forexample,"WorkVPN."
c.Providertype:SelectL2TP/IPsec+Presharedkey.
d.Presharedkey:ThiswillbetheSecretcreatedwhenconfiguringtheClientVPNontheMX.
e.UsernamecredentialsforconnectingtoVPN.IfusingMerakiauthentication,thiswillbeanemailaddress.
f.PasswordcredentialsforconnectingtoVPN.
7.ClickConnect.
FormoreinformationregardingtheconfigurationofVPNconnectionsinChromeOS,visittheGoogleSupportpage.

iOS
ToconfigureaniOSdevicetoconnecttotheClientVPN,followthesesteps:

1.NavigatetoSettings>General>VPN>AddVPNConfiguration...
2.OntheAddConfigurationscreenthatappears,selectL2TP.
3.EnteraDescriptionfortheVPNconnection.
4.EnterthepublicIPoftheMXdeviceastheServer.
5.UnderAccount,entertheusernametobeusedtoconnecttotheClientVPN.
6.EnterthePasswordifdesired.Ifthepasswordisleftblank,itwillneedtobeenteredeachtimethedeviceattemptstoconnecttotheClientVPN.
7.EntertheVPNSecret.
8.EnsurethatSendAllTrafficissettoOn.
9.Savetheconfiguration.

https://documentation.meraki.com/MXZ/Client_VPN/Client_VPN_OS_Configuration

2/27

5/30/2016

ClientVPNOSConfigurationCiscoMeraki

Mac OSX
Currentlyonlythefollowingauthenticationmechanismsaresupported:
Userauthentication:ActiveDirectory(AD),RADIUS,orMerakihostedauthentication.
Machineauthentication:Presharedkeys(a.k.a.,sharedsecret).
WhenusingMerakihostedauthentication,VPNaccount/usernamesettingonclientdevices(e.g.,PCorMac)istheuseremailaddressenteredintheDashboard.
TheinstructionsbelowaretestedonMacOS10.7.3(Lion).
OpenSystemPreferences>NetworkfromMacapplicationsmenu.Clickthe"+"buttontocreateanewservice,thenselectVPNastheinterfacetype,andchooseL2TP
overIPsecfromthepulldownmenu.
ServerAddress:EnterthepublicIPaddress(ortheroutablefullyqualifieddomainname,ex:vpn.example.com).
AccountName:Entertheaccountnameoftheuser(basedonAD,RADIUSorMerakiHostedauthentication).

ClickAuthenticationSettingsandprovidethefollowinginformation:
UserAuthentication>Password:Userpassword(basedonAD,RADIUSorMerakiHostedauthentication).
MachineAuthentication>SharedSecret:Thepresharedkeythatyou'vecreatedinConfigure>ClientVPNsettingsfortheMX.

https://documentation.meraki.com/MXZ/Client_VPN/Client_VPN_OS_Configuration

3/27

5/30/2016

ClientVPNOSConfigurationCiscoMeraki

ClickOKtogobacktothemainVPNsettingspage,thenclickAdvancedandenabletheSendalltrafficoverVPNconnectionoption.

TheVPNconnectivitywillnotbeestablishedifyoudon'tenabletheSendalltrafficoverVPNconnectionoption!

Windows 7
Currentlyonlythefollowingauthenticationmechanismsaresupported:
Userauthentication:ActiveDirectory(AD),RADIUS,orMerakihostedauthentication.
Machineauthentication:Presharedkeys(a.k.a.,sharedsecret).
WhenusingMerakihostedauthentication,VPNaccount/usernamesettingonclientdevices(e.g.,PCorMac)istheuseremailaddressenteredintheDashboard.

OpenStartMenu>ControlPanel,clickonNetworkandInternet,clickonViewnetworkstatusandtasks.

https://documentation.meraki.com/MXZ/Client_VPN/Client_VPN_OS_Configuration

4/27

5/30/2016

ClientVPNOSConfigurationCiscoMeraki

IntheSetupaconnectionornetworkpopupwindow,chooseConnecttoaworkplace(SetupadialuporVPNconnectiontoyourworkplace).

ChooseUsemyInternetconnection(VPN),intheConnecttoaworkspacedialogwindow.

https://documentation.meraki.com/MXZ/Client_VPN/Client_VPN_OS_Configuration

5/27

5/30/2016

ClientVPNOSConfigurationCiscoMeraki

IntheConnecttoaWorkplacedialogbox,enter:
Internetaddress:EnterthepublicIPaddressfortheMXappliance(ortheroutablefullyqualifieddomainname,ex:vpn.example.com).
Destinationname:OptionallyenteranamefortheVPNconnection.

Choose"Don'tconnectnowjustsetitupsothatIcanconnectlater"option.

ClickNext.Inthenextdialogwindow,entertheusercredentials,andclickCreate.

https://documentation.meraki.com/MXZ/Client_VPN/Client_VPN_OS_Configuration

6/27

5/30/2016

ClientVPNOSConfigurationCiscoMeraki

ClosetheVPNconnectionwizard.

GotoNetworkingandSharingCenterandclickChangeAdapterSettings

InNetworkConnectionswindow,rightclickonthenewVPNconnectionsettingsandchooseProperties

https://documentation.meraki.com/MXZ/Client_VPN/Client_VPN_OS_Configuration

7/27

5/30/2016

ClientVPNOSConfigurationCiscoMeraki

IntheGeneraltab,verifythatthepublicIPaddressortheURLoftheMXappliance.

IntheOptionstab,makesure"IncludeWindowslogondomain"isunchecked

https://documentation.meraki.com/MXZ/Client_VPN/Client_VPN_OS_Configuration

8/27

5/30/2016

ClientVPNOSConfigurationCiscoMeraki

Inthe"Security"tab,choose"Layer2TunnelingProtocolwithIPsec(L2TP/IPSec)".
Then,check"Unencryptedpassword(PAP)",anduncheckallotheroptions.

Despitethename"UnencryptedPAP",theclient'spasswordissentencryptedoveranIPsectunnelbetweentheclientdeviceandtheMX.Thepasswordisfullysecureand
neversentincleartextovereithertheWANortheLAN.

Clickon"Advancedsettings".
InAdvancedPropertiesdialogbox,choose"Usepresharedkeyforauthentication"andenterthesamekeyyouusedfortheclientVPNsettingsintheDashboard.Note:
ifyouareenablingclientVPNforyouremployees,youwillneedtodistributethiskey.

ClickOK.

https://documentation.meraki.com/MXZ/Client_VPN/Client_VPN_OS_Configuration

9/27

5/30/2016

ClientVPNOSConfigurationCiscoMeraki

BackattheNetworkConnectionswindow,rightclickontheVPNconnectionandclickConnect

VerifyyourusernameandclickConnect.

Windows 8
Currentlyonlythefollowingauthenticationmechanismsaresupported:
Userauthentication:ActiveDirectory(AD),RADIUS,orMerakihostedauthentication.
Machineauthentication:Presharedkeys(a.k.a.,sharedsecret).
WhenusingMerakihostedauthentication,VPNaccount/usernamesettingonclientdevices(e.g.,PCorMac)istheuseremailaddressenteredintheDashboard.

OpenStartMenu>NetworkandSharingCenterandclickSettings.

https://documentation.meraki.com/MXZ/Client_VPN/Client_VPN_OS_Configuration

10/27

5/30/2016

ClientVPNOSConfigurationCiscoMeraki

IntheNetworkandSharingCenter,clickSetupanewconnectionornetwork.

https://documentation.meraki.com/MXZ/Client_VPN/Client_VPN_OS_Configuration

11/27

5/30/2016

ClientVPNOSConfigurationCiscoMeraki

IntheSetUpaConnectionorNetworkpopupwindow,chooseConnecttoaworkplace.
(SetupadialuporVPNconnectiontoyourworkplace).

ChooseUsemyInternetconnection(VPN),intheConnecttoaWorkspacedialogwindow.

IntheConnecttoaWorkplacedialogbox,enter:
Internetaddress:EnterthepublicIPaddressfortheMXappliance(orthefullyqualifieddomainname,ex:vpn.example.com).
Destinationname:OptionallyenteranamefortheVPNconnection.
ClickCreate.

https://documentation.meraki.com/MXZ/Client_VPN/Client_VPN_OS_Configuration

12/27

5/30/2016

ClientVPNOSConfigurationCiscoMeraki

GobacktoNetworkandSharingCenterandclickChangeAdapterSettings.

IntheNetworksConnectionswindow,rightclickontheVPNconnectioniconandchooseProperties.

https://documentation.meraki.com/MXZ/Client_VPN/Client_VPN_OS_Configuration

13/27

5/30/2016

ClientVPNOSConfigurationCiscoMeraki

IntheGeneraltab,verifythatthepublicIPaddressortheURLoftheMXappliance.

Inthe"Security"tab,choose"Layer2TunnelingProtocolwithIPsec(L2TP/IPSec)".
Then,check"Unencryptedpassword(PAP)",anduncheckallotheroptions.
Despitethename"UnencryptedPAP",theclient'spasswordissentencryptedoveranIPsectunnelbetweentheclientdeviceandtheMX.Thepasswordisfullysecureand
neversentincleartextovereithertheWANortheLAN.

Clickon"Advancedsettings".
InAdvancedPropertiesdialogbox,choose"Usepresharedkeyforauthentication"andenterthesamekeyyouusedfortheclientVPNsettingsintheDashboard.Note:
ifyouareenablingclientVPNforyouremployees,youwillneedtodistributethiskey.

https://documentation.meraki.com/MXZ/Client_VPN/Client_VPN_OS_Configuration

14/27

5/30/2016

ClientVPNOSConfigurationCiscoMeraki

ClickOK.
BackattheNetworkConnectionswindow,rightclickontheVPNconnectionandclickConnect/Disconnect.

FindyourVPNprofileandclickConnect.

Enteryourusernameandpassword.
ClickOK.

https://documentation.meraki.com/MXZ/Client_VPN/Client_VPN_OS_Configuration

15/27

5/30/2016

ClientVPNOSConfigurationCiscoMeraki

Windows 10
Currentlyonlythefollowingauthenticationmechanismsaresupported:
Userauthentication:ActiveDirectory(AD),RADIUS,orMerakihostedauthentication.
Machineauthentication:Presharedkeys(a.k.a.,sharedsecret).
WhenusingMerakihostedauthentication,VPNaccount/usernamesettingonclientdevices(e.g.,PCorMac)istheuseremailaddressenteredintheDashboard.

OpenStartMenu>Search"VPN">ClickChangevirtualprivatenetworks(VPN)

https://documentation.meraki.com/MXZ/Client_VPN/Client_VPN_OS_Configuration

16/27

5/30/2016

ClientVPNOSConfigurationCiscoMeraki

FromtheVPNsettingspage,clickAddaVPNconnection.

IntheAddaVPNconnectiondialog:
SettheVPNprovidertoWindows(builtin)
ProvideaConnectionnamefortheVPNconnection
SpecifyapublicIPaddressorhostnamefortheServernameoraddress
SelectL2TP/IPsecwithpresharedkeyfortheVPNtype
ProvideaUsernameandPassword(optional)
https://documentation.meraki.com/MXZ/Client_VPN/Client_VPN_OS_Configuration

17/27

5/30/2016

ClientVPNOSConfigurationCiscoMeraki

AftertheVPNconnectionhasbeencreated,clickChangeadapteroptionsunderRelatedsettings.

RightclickontheVPNConnectionfromthelistofadaptersandclickProperties.

https://documentation.meraki.com/MXZ/Client_VPN/Client_VPN_OS_Configuration

18/27

5/30/2016

ClientVPNOSConfigurationCiscoMeraki

IntheSecuritytab,select"Requireencryption(disconnectifseverdeclines)"underDataencryption.
Then,selectAllowtheseprotocolsunderAuthentication.Fromthelistofprotocols,check"Unencryptedpassword(PAP)",anduncheckallotheroptions.
Despitethename"UnencryptedPAP",theclient'spasswordissentencryptedoveranIPsectunnelbetweentheclientdeviceandtheMX.Thepasswordisfullysecureand
neversentincleartextovereithertheWANortheLAN.

Clickon"Advancedsettings"
InAdvancedPropertiesdialogbox,choose"Usepresharedkeyforauthentication"andenterthesamekeyyouusedfortheclientVPNsettingsintheDashboard.Note:
ifyouareenablingclientVPNforyouremployees,youwillneedtodistributethiskey.

https://documentation.meraki.com/MXZ/Client_VPN/Client_VPN_OS_Configuration

19/27

5/30/2016

ClientVPNOSConfigurationCiscoMeraki

BackattheNetworkConnectionswindow,rightclickontheVPNconnectionandclickConnect/Disconnect.

FindyourVPNprofileandclickConnect.

https://documentation.meraki.com/MXZ/Client_VPN/Client_VPN_OS_Configuration

20/27

5/30/2016

ClientVPNOSConfigurationCiscoMeraki

Enteryourusernameandpassword.
ClickOK.

Windows XP
Currentlyonlythefollowingauthenticationmechanismsaresupported:
Userauthentication:ActiveDirectory(AD),RADIUS,orMerakihostedauthentication.
Machineauthentication:Presharedkeys(a.k.a.,sharedsecret).
WhenusingMerakihostedauthentication,usetheemailaddressforVPNaccount/username.

OpenStartMenu>ControlPanel,clickonNetworkConnections.

https://documentation.meraki.com/MXZ/Client_VPN/Client_VPN_OS_Configuration

21/27

5/30/2016

ClientVPNOSConfigurationCiscoMeraki

IntheNetworkTaskssection,clickonCreateanewconnection.

ChooseConnecttothenetworkatmyworkplace,intheNewConnectionWizardwindow.

ChooseVirtualPrivateNetworkconnectioninthenextsection.

https://documentation.meraki.com/MXZ/Client_VPN/Client_VPN_OS_Configuration

22/27

5/30/2016

ClientVPNOSConfigurationCiscoMeraki

Then,giveanameforthisconnection:

EnterthepublicIPaddressfortheMXappliance(ortheroutablefullyqualifieddomainname,ex:vpn.ikarem.com):

IntheConnect<ConnectionName>box,clickonProperties

https://documentation.meraki.com/MXZ/Client_VPN/Client_VPN_OS_Configuration

23/27

5/30/2016

ClientVPNOSConfigurationCiscoMeraki

IntheGeneraltab,verifythatthepublicIPaddressortheURLoftheMXappliance.

IntheOptionstab,makesure"IncludeWindowslogondomain"isunchecked

IntheSecuritytab,chooseAdvanced(customsettings).
ClickSettings
https://documentation.meraki.com/MXZ/Client_VPN/Client_VPN_OS_Configuration

24/27

5/30/2016

ClientVPNOSConfigurationCiscoMeraki

InAdvancedSecuritySettingspage,selectOptionalencryptionfromtheDataencryptionpulldownmenu.
ChooseUnencryptedpassword(PAP)fromtheAllowtheseprotocolsoptionsanduncheckeverythingelse.
Despitethename"UnencryptedPAP",theclient'spasswordissentencryptedoveranIPsectunnelbetweentheclientdeviceandtheMX.Thepasswordisfullysecureand
neversentincleartextovereithertheWANortheLAN.

BackontheSecuritytab,clickIPSecSettings...

https://documentation.meraki.com/MXZ/Client_VPN/Client_VPN_OS_Configuration

25/27

5/30/2016

ClientVPNOSConfigurationCiscoMeraki

Check"Usepresharedkeyforauthentication"andenterthesamekeyyouusedfortheclientVPNsettingsintheDashboard.Note:ifyouareenablingclientVPNfor
youremployees,youwillneedtodistributethiskey.
ClickOK.

InNetworkingtab,chooseL2TPIPSecVPNfromtheTypeofVPNoptions.

BackattheNetworkConnectionswindow,rightclickontheVPNconnectionandclickConnect

https://documentation.meraki.com/MXZ/Client_VPN/Client_VPN_OS_Configuration

26/27

5/30/2016

ClientVPNOSConfigurationCiscoMeraki

VerifyyourusernameandclickConnect

Contact Support
Mostquestionscanbeansweredbyreviewingour
documentation,butifyouneedmorehelp,Cisco
MerakiSupportisreadytoworkwithyou.

Enteryouremailhere

makeawish

Iwishthisarticlewould...

OpenaCase

2015CiscoSystems,

https://documentation.meraki.com/MXZ/Client_VPN/Client_VPN_OS_Configuration

27/27

Potrebbero piacerti anche