Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1598
Views
2
Helpful
1
Replies

Meraki with DUO for Client VPN Caveat

bjames
Level 5
Level 5

‎10-13-2020 08:03 AM

Hi,

I thought I would post this here, and I will cross post on Meraki as well in hopes it will save someone some grief.
Background - Client using Meraki Client VPN with DUO, works fine. Client wants to add a new VLAN/Subnet than all of a sudden DUO stops authentication with the new Subnet “IN VPN”. If you don’t add the new VLAN/Subnet into the VPN it works fine.

Called Meraki support and asked if the IP address (source to Auth Proxy) would change by adding a new VLAN; the answer was no the IP should stay the same.

Took a sniffer trace with and without the new VLAN and found the IP address of the Meraki did change, so we had to add it to the allowed sources in the Auth Proxy config. Then it worked.

Verified with Meraki the (for some unknown reason) that it takes the highest VLAN numbers’ IP address as the the SVI for the Meraki Client causing the source IP address of the Auth request to come from the higher IP address.

I hope this makes sense, if not let me know.

Labels:
1 Reply 1

Amy2
Level 5
Level 5

‎11-10-2020 01:13 PM

Hello @StealthNet,

Thank you for sharing this solution with the community! Just wanted to let you know we were able to turn the information you shared into a knowledge base article, which you can read here: https://help.duo.com/s/article/6461

Thank you again for your contributions here.

Quick Links
     
                  Duo Release Notes   Duo Discussion Forums      
 
 
Customers Also Viewed These Support Documents