
DUO MFA With Meraki MX100 VPN

aplack
Level 1

I have run into a wall and cannot figure this setup out.

I have configured the Auth Proxy per the instructions for the Meraki MX here --> Two-Factor Authentication for Meraki Client VPN | Duo Security

I have attempted with only the proxy and with the NPS RADIUS setup as well. Still, I cannot ever get a DUO push or any other 2FA from DUO to trigger and allow access.

Here is my auth config. Running the connectivity tool returns no errors. Am I blind and missing something simple?

[ad_client]
host=192.168.xxx.xxx
service_account_username=username
service_account_password=password
search_dn=dc=test,dc=local

[radius_server_auto]
ikey=DuoMerakiikey
skey=■■■■■■■■■■■■■■■■■■■■uo
api_host=■■■■■■■■■■■■■■■■■■■■■■■■■■■■■■■
radius_ip_1=ip.xxx.xxx.xxx to our MX
radius_secret_1=secret_shared_with_MX
failmode=safe
client=ad_client
port=1812

C:\Windows\system32>"C:\Program Files (x86)\Duo Security Authentication Proxy\bin\authproxy_connectivity_tool.exe"
Running The Duo Authentication Proxy Connectivity Tool. This may take several minutes…
[info] Testing section 'ad_client' with configuration:
[info] {'host': '192.168.xxx.xxx',
 'search_dn': 'dc=test,dc=local',
 'service_account_password': '',
 'service_account_username': 'username'}
[info] There are no configuration problems
[info] -----------------------------
[info] Testing section 'radius_server_auto' with configuration:
[info] {'api_host': '■■■■■■■■■■■■■■■■■■■■■■■■■■■■■',
 'client': 'ad_client',
 'failmode': 'safe',
 'ikey': 'DuoMerakiikey',
 'port': '1812',
 'radius_ip_1': 'ip.xxx.xxx.xxx to our MX',
 'radius_secret_1': '',
 'skey': '[40]'}
[info] There are no configuration problems
[info] -----------------------------
[info] Testing section 'ad_client' with configuration:
[info] {'host': '192.168.xxx.xxx',
 'search_dn': 'dc=cmr,dc=local',
 'service_account_password': '',
 'service_account_username': 'username'}
[info] The LDAP Client section has no connectivity issues.
[info] -----------------------------
[info] Testing section 'radius_server_auto' with configuration:
[info] {'api_host': '■■■■■■■■■■■■■■■■■■■■■■■■■■■■',
 'client': 'ad_client',
 'failmode': 'safe',
 'ikey': 'DuoMerakiikey',
 'port': '1812',
 'radius_ip_1': 'ip.xxx.xxx.xxx to our MX',
 'radius_secret_1': '',
 'skey': '[40]'}
[info] The RADIUS Server has no connectivity problems.
[info] -----------------------------
[info] SUMMARY
[info] No issues detected

The results have also been logged in C:\Program Files (x86)\Duo Security Authentication Proxy\log\connectivity_tool.log

2 Replies

DuoKristina
Cisco Employee

Did you try enabling debug logging on your Duo authentication proxy to see what happens during an authentication attempt? Please don’t post any debug log output with sensitive information here in this public forum.

For in-depth troubleshooting assistance, you should contact Duo Support.

Duo, not DUO.

bjames
Level 5

I just set this up and got it working (after a few failures). Where is the MX in relation to your AuthProxy (LAN, WAN, VPN)? Is your authproxy running? (Mine would start then shut down due to a stupid typo on my part.)

The Meraki side is pretty basic and it will not allow you to add the RADIUS server if it can't communicate with it. I will say the Meraki VPN client configuration is poor at best. Which client are you using to VPN in, and do you get connected, just not a prompt?
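
Added example, not part of the thread and not Duo's own tooling: a Python check of an authproxy.cfg for the points the two replies raise, namely whether debug logging is enabled and whether the address the proxy sees the MX send RADIUS from matches a radius_ip_N entry that has a secret. The sample config is constructed (documentation-range addresses, only the keys the check reads) and the function names are hypothetical.

```python
import configparser
import ipaddress

# Constructed sample shaped like the config in the question; all values are placeholders.
SAMPLE_CFG = """
[ad_client]
host=192.0.2.10
[radius_server_auto]
radius_ip_1=198.51.100.7
radius_secret_1=secret_shared_with_MX
failmode=safe
client=ad_client
"""

def load(text):
    cfg = configparser.ConfigParser(interpolation=None)  # secrets may contain '%'
    cfg.read_string(text)
    return cfg

def allowed_clients(section):
    """Map each radius_ip_N value to whether a radius_secret_N with the same N exists."""
    out = {}
    for key, value in section.items():
        if key.startswith("radius_ip_"):
            out[value.strip()] = ("radius_secret_" + key.rsplit("_", 1)[1]) in section
    return out

def source_is_allowed(section, src_ip):
    """True if src_ip (the address the proxy sees the MX send from) matches an entry."""
    src = ipaddress.ip_address(src_ip)
    for entry, has_secret in allowed_clients(section).items():
        try:
            net = ipaddress.ip_network(entry, strict=False)  # single IP or CIDR
        except ValueError:
            continue  # placeholders and other forms are not evaluated here
        if has_secret and src in net:
            return True
    return False

def findings(cfg, name="radius_server_auto"):
    sec, notes = cfg[name], []
    if not cfg.getboolean("main", "debug", fallback=False):
        notes.append("debug logging off: set debug=true under [main], restart the proxy")
    if sec.get("failmode", "safe") == "safe":
        notes.append("failmode=safe: primary auth alone succeeds if Duo is unreachable")
    if sec.get("client") not in cfg:
        notes.append("client= names a section that is not defined")
    notes += [f"{ip}: no matching radius_secret_N" for ip, ok in allowed_clients(sec).items() if not ok]
    return notes
```

If the MX reaches the proxy through NAT or a VPN, pass the translated address to `source_is_allowed`, since that is the source the proxy compares against.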
