How to Set Up Meraki VPN Entra ID Authentication Using RADIUS

Prerequisites for Setting Up Entra ID Authentication With RADIUS in Meraki VPN

  1. Register the application in your tenant
  2. Create a Cloud RADIUS instance
  3. Be a Subscription Owner, Network Administrator or Log Reader
  4. Register your IP address in your RADIUS Access Policies

Introduction - How Entra ID Authentication Works in Meraki VPN and EZRADIUS

Meraki VPN uses PAP authentication, which is not compatible with Entra ID. The closest you can get to having users authenticate with Entra ID is to enable self-service network account creation for users. This allows your users to create their own network credentials and reset them using their Entra ID credentials. It also ties the account lifecycle to Entra ID, meaning that if you delete a user in Entra ID, the user is also deleted from your network authentication.

How to Enable RADIUS Authentication In Your Meraki Client VPN - Step by Step

  1. Go to your Meraki VPN Controller.
  2. Click on “Security & SD-WAN” on the left menu and select “Client VPN”.
  3. Make sure that the “Client VPN Server” is enabled.
  4. Enter the Subnet you want to use for your VPN clients.
  5. In the “DNS nameservers” field, enter the DNS servers you want to use for your VPN clients.
  6. In the shared secret field, enter a shared secret that you will use for your VPN clients.
  7. In the “Authentication” dropdown, select “RADIUS”.
  8. At this point, your settings should match the values entered in the steps above.
  9. Click on “Add a RADIUS server”.
  10. In another tab, go to your EZRADIUS dashboard and copy the “RADIUS Server IP” from the “Policies” page (you can repeat this step for the three IPs for higher availability).
  11. From your Policy Details, copy the “Shared Secret” you set up for this client IP address (in this case, my IP address is 34.2.2.1).
  12. Now we will go back to the Meraki VPN Network Controller and paste the “RADIUS Server IP” in the “Host” field.
  13. In the “Port” field, enter “1812”.
  14. In the “Authentication” field, paste the “Shared Secret” you copied from EZRADIUS.
  15. If you want to add multiple IPs for higher availability, click on “Add a RADIUS server” and repeat the steps for the other two IPs.
  16. Set the RADIUS timeout to 30 seconds.
  17. Click on “Save” at the bottom.

How to Connect Devices to Meraki VPN with Entra ID Authentication

Now that your Meraki VPN is set up with RADIUS authentication, your users can follow this guide to create their network password and then use their username and the created password to authenticate to the VPN. (Note: here we are going to do it manually in Windows, but we recommend using an MDM to distribute the VPN settings and make it easier for your users.)

  1. Go to your Windows device.
  2. Click on the network icon on the bottom right.
  3. Click on “VPN”.
  4. Click on “More VPN Settings” on the bottom left.
  5. Click on “Add a VPN”.
  6. In the “VPN Provider” dropdown, select “Windows (built-in)”.
  7. In the “Connection Name” field, enter a name for your VPN connection.
  8. In the “Server Name or Address” field, enter the hostname from your Meraki Dashboard or the public IP address of your Meraki VPN.
  9. In the “VPN Type” dropdown, select “L2TP/IPsec with pre-shared key”.
  10. In the “Pre-shared key” field, enter the shared secret you set up in your Meraki VPN.
  11. In the “Type of sign-in info” dropdown, select “Username and password”.
  12. Click on “Save”.
  13. When you click on “Connect”, you will be prompted to enter your username and password.
  14. Click on “Connect” and you will be connected to your Meraki VPN.