Documenti di Didattica
Documenti di Professioni
Documenti di Cultura
ClientVPNOSConfigurationCiscoMeraki
Signin
ForgotPassword
Signin
ContactSales
Support
Login
SearchDocumentation
Home>SecurityAppliances>ClientVPN>ClientVPNOSConfiguration
ThisarticleoutlinesinstructionstoconfigureaclientVPNconnectiononcommonlyusedoperatingsystems.FormoreinformationaboutclientVPN,pleaserefertoour
documentation.
Android
ToconfigureanAndroiddevicetoconnecttotheClientVPN,followthesesteps:
NavigatetoSettings>Wireless&Networks>VPN
ClickthePlusIcontoaddanadditionalVPNprofile
EnteraVPNNamefortheconnection.
FortheTypedropdownselectL2TP/IPSECPSKVPN
EnterthepublicIPoftheMXdeviceunderServeraddress.
EnterthepresharedkeyunderIPSecpresharedkey.
Savetheconfiguration.
Youwillbepromptedforcredentialswhenyouconnect.
https://documentation.meraki.com/MXZ/Client_VPN/Client_VPN_OS_Configuration
1/27
5/30/2016
ClientVPNOSConfigurationCiscoMeraki
Chrome OS
ChromeOSbaseddevicescanbeconfiguredtoconnecttotheClientVPNfeatureonMXSecurityAppliances.ThisallowsremoteuserstosecurelyconnecttotheLAN.
ThisarticlewillcoverhowtoconfiguretheVPNconnectiononaChromeOSdevice.FormoreinformationonhowtosetuptheClientVPNfeatureoftheMXorhowto
connectfromotheroperatingsystems,pleasevisittheMXdocumentation.
1.Ifyouhaven'talready,signintoyourChromebook.
2.Clickthestatusareaatthebottomofyourscreen,whereyouraccountpictureislocated.
3.SelectSettings.
4.Inthe"Internetconnection"section,clickAddconnection.
5.SelectAddprivatenetwork.
6.Intheboxthatappears,fillintheinformationbelow:
a.Serverhostname:TheDNSnameorIPaddressoftheMXtowhichtheclientshouldbeconnecting.
b.Servicename:Thiscanbeanythingyouwanttonamethisconnection,forexample,"WorkVPN."
c.Providertype:SelectL2TP/IPsec+Presharedkey.
d.Presharedkey:ThiswillbetheSecretcreatedwhenconfiguringtheClientVPNontheMX.
e.UsernamecredentialsforconnectingtoVPN.IfusingMerakiauthentication,thiswillbeanemailaddress.
f.PasswordcredentialsforconnectingtoVPN.
7.ClickConnect.
FormoreinformationregardingtheconfigurationofVPNconnectionsinChromeOS,visittheGoogleSupportpage.
iOS
ToconfigureaniOSdevicetoconnecttotheClientVPN,followthesesteps:
1.NavigatetoSettings>General>VPN>AddVPNConfiguration...
2.OntheAddConfigurationscreenthatappears,selectL2TP.
3.EnteraDescriptionfortheVPNconnection.
4.EnterthepublicIPoftheMXdeviceastheServer.
5.UnderAccount,entertheusernametobeusedtoconnecttotheClientVPN.
6.EnterthePasswordifdesired.Ifthepasswordisleftblank,itwillneedtobeenteredeachtimethedeviceattemptstoconnecttotheClientVPN.
7.EntertheVPNSecret.
8.EnsurethatSendAllTrafficissettoOn.
9.Savetheconfiguration.
https://documentation.meraki.com/MXZ/Client_VPN/Client_VPN_OS_Configuration
2/27
5/30/2016
ClientVPNOSConfigurationCiscoMeraki
Mac OSX
Currentlyonlythefollowingauthenticationmechanismsaresupported:
Userauthentication:ActiveDirectory(AD),RADIUS,orMerakihostedauthentication.
Machineauthentication:Presharedkeys(a.k.a.,sharedsecret).
WhenusingMerakihostedauthentication,VPNaccount/usernamesettingonclientdevices(e.g.,PCorMac)istheuseremailaddressenteredintheDashboard.
TheinstructionsbelowaretestedonMacOS10.7.3(Lion).
OpenSystemPreferences>NetworkfromMacapplicationsmenu.Clickthe"+"buttontocreateanewservice,thenselectVPNastheinterfacetype,andchooseL2TP
overIPsecfromthepulldownmenu.
ServerAddress:EnterthepublicIPaddress(ortheroutablefullyqualifieddomainname,ex:vpn.example.com).
AccountName:Entertheaccountnameoftheuser(basedonAD,RADIUSorMerakiHostedauthentication).
ClickAuthenticationSettingsandprovidethefollowinginformation:
UserAuthentication>Password:Userpassword(basedonAD,RADIUSorMerakiHostedauthentication).
MachineAuthentication>SharedSecret:Thepresharedkeythatyou'vecreatedinConfigure>ClientVPNsettingsfortheMX.
https://documentation.meraki.com/MXZ/Client_VPN/Client_VPN_OS_Configuration
3/27
5/30/2016
ClientVPNOSConfigurationCiscoMeraki
ClickOKtogobacktothemainVPNsettingspage,thenclickAdvancedandenabletheSendalltrafficoverVPNconnectionoption.
TheVPNconnectivitywillnotbeestablishedifyoudon'tenabletheSendalltrafficoverVPNconnectionoption!
Windows 7
Currentlyonlythefollowingauthenticationmechanismsaresupported:
Userauthentication:ActiveDirectory(AD),RADIUS,orMerakihostedauthentication.
Machineauthentication:Presharedkeys(a.k.a.,sharedsecret).
WhenusingMerakihostedauthentication,VPNaccount/usernamesettingonclientdevices(e.g.,PCorMac)istheuseremailaddressenteredintheDashboard.
OpenStartMenu>ControlPanel,clickonNetworkandInternet,clickonViewnetworkstatusandtasks.
https://documentation.meraki.com/MXZ/Client_VPN/Client_VPN_OS_Configuration
4/27
5/30/2016
ClientVPNOSConfigurationCiscoMeraki
IntheSetupaconnectionornetworkpopupwindow,chooseConnecttoaworkplace(SetupadialuporVPNconnectiontoyourworkplace).
ChooseUsemyInternetconnection(VPN),intheConnecttoaworkspacedialogwindow.
https://documentation.meraki.com/MXZ/Client_VPN/Client_VPN_OS_Configuration
5/27
5/30/2016
ClientVPNOSConfigurationCiscoMeraki
IntheConnecttoaWorkplacedialogbox,enter:
Internetaddress:EnterthepublicIPaddressfortheMXappliance(ortheroutablefullyqualifieddomainname,ex:vpn.example.com).
Destinationname:OptionallyenteranamefortheVPNconnection.
Choose"Don'tconnectnowjustsetitupsothatIcanconnectlater"option.
ClickNext.Inthenextdialogwindow,entertheusercredentials,andclickCreate.
https://documentation.meraki.com/MXZ/Client_VPN/Client_VPN_OS_Configuration
6/27
5/30/2016
ClientVPNOSConfigurationCiscoMeraki
ClosetheVPNconnectionwizard.
GotoNetworkingandSharingCenterandclickChangeAdapterSettings
InNetworkConnectionswindow,rightclickonthenewVPNconnectionsettingsandchooseProperties
https://documentation.meraki.com/MXZ/Client_VPN/Client_VPN_OS_Configuration
7/27
5/30/2016
ClientVPNOSConfigurationCiscoMeraki
IntheGeneraltab,verifythatthepublicIPaddressortheURLoftheMXappliance.
IntheOptionstab,makesure"IncludeWindowslogondomain"isunchecked
https://documentation.meraki.com/MXZ/Client_VPN/Client_VPN_OS_Configuration
8/27
5/30/2016
ClientVPNOSConfigurationCiscoMeraki
Inthe"Security"tab,choose"Layer2TunnelingProtocolwithIPsec(L2TP/IPSec)".
Then,check"Unencryptedpassword(PAP)",anduncheckallotheroptions.
Despitethename"UnencryptedPAP",theclient'spasswordissentencryptedoveranIPsectunnelbetweentheclientdeviceandtheMX.Thepasswordisfullysecureand
neversentincleartextovereithertheWANortheLAN.
Clickon"Advancedsettings".
InAdvancedPropertiesdialogbox,choose"Usepresharedkeyforauthentication"andenterthesamekeyyouusedfortheclientVPNsettingsintheDashboard.Note:
ifyouareenablingclientVPNforyouremployees,youwillneedtodistributethiskey.
ClickOK.
https://documentation.meraki.com/MXZ/Client_VPN/Client_VPN_OS_Configuration
9/27
5/30/2016
ClientVPNOSConfigurationCiscoMeraki
BackattheNetworkConnectionswindow,rightclickontheVPNconnectionandclickConnect
VerifyyourusernameandclickConnect.
Windows 8
Currentlyonlythefollowingauthenticationmechanismsaresupported:
Userauthentication:ActiveDirectory(AD),RADIUS,orMerakihostedauthentication.
Machineauthentication:Presharedkeys(a.k.a.,sharedsecret).
WhenusingMerakihostedauthentication,VPNaccount/usernamesettingonclientdevices(e.g.,PCorMac)istheuseremailaddressenteredintheDashboard.
OpenStartMenu>NetworkandSharingCenterandclickSettings.
https://documentation.meraki.com/MXZ/Client_VPN/Client_VPN_OS_Configuration
10/27
5/30/2016
ClientVPNOSConfigurationCiscoMeraki
IntheNetworkandSharingCenter,clickSetupanewconnectionornetwork.
https://documentation.meraki.com/MXZ/Client_VPN/Client_VPN_OS_Configuration
11/27
5/30/2016
ClientVPNOSConfigurationCiscoMeraki
IntheSetUpaConnectionorNetworkpopupwindow,chooseConnecttoaworkplace.
(SetupadialuporVPNconnectiontoyourworkplace).
ChooseUsemyInternetconnection(VPN),intheConnecttoaWorkspacedialogwindow.
IntheConnecttoaWorkplacedialogbox,enter:
Internetaddress:EnterthepublicIPaddressfortheMXappliance(orthefullyqualifieddomainname,ex:vpn.example.com).
Destinationname:OptionallyenteranamefortheVPNconnection.
ClickCreate.
https://documentation.meraki.com/MXZ/Client_VPN/Client_VPN_OS_Configuration
12/27
5/30/2016
ClientVPNOSConfigurationCiscoMeraki
GobacktoNetworkandSharingCenterandclickChangeAdapterSettings.
IntheNetworksConnectionswindow,rightclickontheVPNconnectioniconandchooseProperties.
https://documentation.meraki.com/MXZ/Client_VPN/Client_VPN_OS_Configuration
13/27
5/30/2016
ClientVPNOSConfigurationCiscoMeraki
IntheGeneraltab,verifythatthepublicIPaddressortheURLoftheMXappliance.
Inthe"Security"tab,choose"Layer2TunnelingProtocolwithIPsec(L2TP/IPSec)".
Then,check"Unencryptedpassword(PAP)",anduncheckallotheroptions.
Despitethename"UnencryptedPAP",theclient'spasswordissentencryptedoveranIPsectunnelbetweentheclientdeviceandtheMX.Thepasswordisfullysecureand
neversentincleartextovereithertheWANortheLAN.
Clickon"Advancedsettings".
InAdvancedPropertiesdialogbox,choose"Usepresharedkeyforauthentication"andenterthesamekeyyouusedfortheclientVPNsettingsintheDashboard.Note:
ifyouareenablingclientVPNforyouremployees,youwillneedtodistributethiskey.
https://documentation.meraki.com/MXZ/Client_VPN/Client_VPN_OS_Configuration
14/27
5/30/2016
ClientVPNOSConfigurationCiscoMeraki
ClickOK.
BackattheNetworkConnectionswindow,rightclickontheVPNconnectionandclickConnect/Disconnect.
FindyourVPNprofileandclickConnect.
Enteryourusernameandpassword.
ClickOK.
https://documentation.meraki.com/MXZ/Client_VPN/Client_VPN_OS_Configuration
15/27
5/30/2016
ClientVPNOSConfigurationCiscoMeraki
Windows 10
Currentlyonlythefollowingauthenticationmechanismsaresupported:
Userauthentication:ActiveDirectory(AD),RADIUS,orMerakihostedauthentication.
Machineauthentication:Presharedkeys(a.k.a.,sharedsecret).
WhenusingMerakihostedauthentication,VPNaccount/usernamesettingonclientdevices(e.g.,PCorMac)istheuseremailaddressenteredintheDashboard.
OpenStartMenu>Search"VPN">ClickChangevirtualprivatenetworks(VPN)
https://documentation.meraki.com/MXZ/Client_VPN/Client_VPN_OS_Configuration
16/27
5/30/2016
ClientVPNOSConfigurationCiscoMeraki
FromtheVPNsettingspage,clickAddaVPNconnection.
IntheAddaVPNconnectiondialog:
SettheVPNprovidertoWindows(builtin)
ProvideaConnectionnamefortheVPNconnection
SpecifyapublicIPaddressorhostnamefortheServernameoraddress
SelectL2TP/IPsecwithpresharedkeyfortheVPNtype
ProvideaUsernameandPassword(optional)
https://documentation.meraki.com/MXZ/Client_VPN/Client_VPN_OS_Configuration
17/27
5/30/2016
ClientVPNOSConfigurationCiscoMeraki
AftertheVPNconnectionhasbeencreated,clickChangeadapteroptionsunderRelatedsettings.
RightclickontheVPNConnectionfromthelistofadaptersandclickProperties.
https://documentation.meraki.com/MXZ/Client_VPN/Client_VPN_OS_Configuration
18/27
5/30/2016
ClientVPNOSConfigurationCiscoMeraki
IntheSecuritytab,select"Requireencryption(disconnectifseverdeclines)"underDataencryption.
Then,selectAllowtheseprotocolsunderAuthentication.Fromthelistofprotocols,check"Unencryptedpassword(PAP)",anduncheckallotheroptions.
Despitethename"UnencryptedPAP",theclient'spasswordissentencryptedoveranIPsectunnelbetweentheclientdeviceandtheMX.Thepasswordisfullysecureand
neversentincleartextovereithertheWANortheLAN.
Clickon"Advancedsettings"
InAdvancedPropertiesdialogbox,choose"Usepresharedkeyforauthentication"andenterthesamekeyyouusedfortheclientVPNsettingsintheDashboard.Note:
ifyouareenablingclientVPNforyouremployees,youwillneedtodistributethiskey.
https://documentation.meraki.com/MXZ/Client_VPN/Client_VPN_OS_Configuration
19/27
5/30/2016
ClientVPNOSConfigurationCiscoMeraki
BackattheNetworkConnectionswindow,rightclickontheVPNconnectionandclickConnect/Disconnect.
FindyourVPNprofileandclickConnect.
https://documentation.meraki.com/MXZ/Client_VPN/Client_VPN_OS_Configuration
20/27
5/30/2016
ClientVPNOSConfigurationCiscoMeraki
Enteryourusernameandpassword.
ClickOK.
Windows XP
Currentlyonlythefollowingauthenticationmechanismsaresupported:
Userauthentication:ActiveDirectory(AD),RADIUS,orMerakihostedauthentication.
Machineauthentication:Presharedkeys(a.k.a.,sharedsecret).
WhenusingMerakihostedauthentication,usetheemailaddressforVPNaccount/username.
OpenStartMenu>ControlPanel,clickonNetworkConnections.
https://documentation.meraki.com/MXZ/Client_VPN/Client_VPN_OS_Configuration
21/27
5/30/2016
ClientVPNOSConfigurationCiscoMeraki
IntheNetworkTaskssection,clickonCreateanewconnection.
ChooseConnecttothenetworkatmyworkplace,intheNewConnectionWizardwindow.
ChooseVirtualPrivateNetworkconnectioninthenextsection.
https://documentation.meraki.com/MXZ/Client_VPN/Client_VPN_OS_Configuration
22/27
5/30/2016
ClientVPNOSConfigurationCiscoMeraki
Then,giveanameforthisconnection:
EnterthepublicIPaddressfortheMXappliance(ortheroutablefullyqualifieddomainname,ex:vpn.ikarem.com):
IntheConnect<ConnectionName>box,clickonProperties
https://documentation.meraki.com/MXZ/Client_VPN/Client_VPN_OS_Configuration
23/27
5/30/2016
ClientVPNOSConfigurationCiscoMeraki
IntheGeneraltab,verifythatthepublicIPaddressortheURLoftheMXappliance.
IntheOptionstab,makesure"IncludeWindowslogondomain"isunchecked
IntheSecuritytab,chooseAdvanced(customsettings).
ClickSettings
https://documentation.meraki.com/MXZ/Client_VPN/Client_VPN_OS_Configuration
24/27
5/30/2016
ClientVPNOSConfigurationCiscoMeraki
InAdvancedSecuritySettingspage,selectOptionalencryptionfromtheDataencryptionpulldownmenu.
ChooseUnencryptedpassword(PAP)fromtheAllowtheseprotocolsoptionsanduncheckeverythingelse.
Despitethename"UnencryptedPAP",theclient'spasswordissentencryptedoveranIPsectunnelbetweentheclientdeviceandtheMX.Thepasswordisfullysecureand
neversentincleartextovereithertheWANortheLAN.
BackontheSecuritytab,clickIPSecSettings...
https://documentation.meraki.com/MXZ/Client_VPN/Client_VPN_OS_Configuration
25/27
5/30/2016
ClientVPNOSConfigurationCiscoMeraki
Check"Usepresharedkeyforauthentication"andenterthesamekeyyouusedfortheclientVPNsettingsintheDashboard.Note:ifyouareenablingclientVPNfor
youremployees,youwillneedtodistributethiskey.
ClickOK.
InNetworkingtab,chooseL2TPIPSecVPNfromtheTypeofVPNoptions.
BackattheNetworkConnectionswindow,rightclickontheVPNconnectionandclickConnect
https://documentation.meraki.com/MXZ/Client_VPN/Client_VPN_OS_Configuration
26/27
5/30/2016
ClientVPNOSConfigurationCiscoMeraki
VerifyyourusernameandclickConnect
Contact Support
Mostquestionscanbeansweredbyreviewingour
documentation,butifyouneedmorehelp,Cisco
MerakiSupportisreadytoworkwithyou.
Enteryouremailhere
makeawish
Iwishthisarticlewould...
OpenaCase
2015CiscoSystems,
https://documentation.meraki.com/MXZ/Client_VPN/Client_VPN_OS_Configuration
27/27