Systems Manager VPN Settings

DCHGIT
Community Member

Hello Everyone,

I am trying to configure a VPN payload for iOS in Systems Manager but I cannot get it working for our VPN client. I believe I'm getting hung up on the Local vs. Remote identifiers. I am assuming the Local identifier is the app ID but what is the Remote identifier?

Other MDMs I've worked with allowed for a Connection Type of "Custom" and would ask for an Identifier and/or app bundle ID. I'm just guessing on using IKEv2 here and I'm not sure if the IDs match what Systems Manager is looking for.


aleabrahao
Meraki Community All-Star

When configuring a VPN payload for iOS in Cisco Meraki’s Systems Manager, the Local Identifier is typically the identifier for your client or device, which could be an app ID, a user principal name (UPN), or an email address. The Remote Identifier is used to identify the VPN server or the remote end of the VPN connection. It’s often set to the server’s domain name or IP address.

For IKEv2 VPN connections, the Local Identifier can be the user’s email address or another unique identifier, and the Remote Identifier would be the VPN server’s address. If you’re using a custom VPN client, the app bundle ID might be used as part of the VPN configuration, but it’s not typically the Local Identifier.

In Systems Manager, if you’re setting up a manual VPN configuration, you’ll have the option to specify these identifiers. If you’re using Sentry VPN, which automates the VPN setup process, the identifiers may be managed automatically based on the settings of the MX Security Appliance or VM Concentrator in your Dashboard organization.

If you’re unsure about the correct identifiers to use, it’s best to consult with your VPN service provider or network administrator to ensure that the identifiers match the VPN server’s configuration. Additionally, you can refer to the Systems Manager VPN Configurations and Sentry VPN documentation for more detailed instructions on setting up VPN payloads in Systems Manager.

Systems Manager VPN Configurations and Sentry VPN - Cisco Meraki

Systems Manager Logging and Troubleshooting - Cisco Meraki

I am not a Cisco employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.

Arthur Dent
Cisco Employee

Meraki currently doesn't have support for 3rd-party VPN providers' custom attributes other than Cisco AnyConnect.

The only resolution currently would be to create your VPN config inside Apple Configurator and upload that to SM using the custom mobile config capability:

[Attached image: image.png]

Whilst you'd still be able to use a static cert for client auth, you'd lose the ability to use the unique-cert-per-device capability of SM.

Details:

[Attached image: image.png]
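The kind of custom profile discussed in this thread, as an added example that is not part of any post here and is not Meraki's or Apple's own tooling: Python that builds a `.mobileconfig` with an IKEv2 payload and a static client certificate, then checks that the Local/Remote identifiers are set and that the VPN payload references the certificate. The key names follow Apple's configuration profile format; the function names, the `com.example.vpn` prefix, hostnames and the PKCS#12 bytes are assumptions made up for the example.

```python
import plistlib
import uuid

def _payload(ptype, ident, name, **extra):
    # Keys that every configuration-profile payload carries.
    return {"PayloadType": ptype, "PayloadVersion": 1, "PayloadIdentifier": ident,
            "PayloadUUID": str(uuid.uuid4()).upper(), "PayloadDisplayName": name, **extra}

def build_ikev2_profile(server, remote_id, local_id, p12_bytes, p12_password,
                        prefix="com.example.vpn"):  # hypothetical identifier prefix
    """Return .mobileconfig bytes: one static client cert plus one IKEv2 VPN payload."""
    cert = _payload("com.apple.security.pkcs12", prefix + ".cert", "VPN client cert",
                    PayloadContent=p12_bytes,  # bytes are serialized as <data>
                    Password=p12_password)     # stored in clear: treat the file as a secret
    vpn = _payload("com.apple.vpn.managed", prefix + ".ikev2", "IKEv2 VPN",
                   UserDefinedName="Example VPN", VPNType="IKEv2",
                   IKEv2={"RemoteAddress": server,        # where the device connects
                          "RemoteIdentifier": remote_id,  # identifies the VPN server
                          "LocalIdentifier": local_id,    # identifies this client
                          "AuthenticationMethod": "Certificate",
                          "PayloadCertificateUUID": cert["PayloadUUID"]})
    top = _payload("Configuration", prefix, "Example IKEv2 profile",
                   PayloadContent=[cert, vpn])
    return plistlib.dumps(top)

def check_ikev2_profile(data):
    """Return a list of problems found in the IKEv2 payloads of a profile."""
    payloads = plistlib.loads(data).get("PayloadContent", [])
    cert_uuids = {p["PayloadUUID"] for p in payloads
                  if p.get("PayloadType") == "com.apple.security.pkcs12"}
    problems = []
    for p in payloads:
        if p.get("PayloadType") != "com.apple.vpn.managed" or p.get("VPNType") != "IKEv2":
            continue
        ike = p.get("IKEv2", {})
        # This check treats all three as mandatory for a usable IKEv2 payload.
        for key in ("RemoteAddress", "RemoteIdentifier", "LocalIdentifier"):
            if not ike.get(key):
                problems.append(f"{key} is missing or empty")
        uses_cert = ike.get("AuthenticationMethod") == "Certificate"
        if uses_cert and ike.get("PayloadCertificateUUID") not in cert_uuids:
            problems.append("PayloadCertificateUUID does not reference a certificate payload")
    return problems

if __name__ == "__main__":
    # Constructed sample values; the PKCS#12 bytes are a placeholder, not a real identity.
    blob = build_ikev2_profile("vpn.example.com", "vpn.example.com",
                               "device01@example.com", b"PLACEHOLDER-P12", "changeit")
    print(check_ikev2_profile(blob))
```

Because the same PKCS#12 identity and its password travel inside the profile, every device that receives it shares one credential, which is the static-cert trade-off raised in the last reply.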