
Limit Mobile Users from VPN Access


Good day all. I am not sure if what I am trying to do can be done directly, but perhaps someone can chime in with how to do this directly, or some form of workaround or variable process to accomplish this.

We use Duo Essentials and run our VPN service through Cisco Meraki firewalls. We are utilizing trusted endpoints for VPN access. Our settings cover computers verified to be attached to our domain running the Duo Desktop app, or mobile devices that are used for users' push notifications. We also use an AD group-based policy that allows members access to the VPN. We are noticing a trend of users starting to access the VPN via their mobile devices, and it is working due to them being trusted endpoints and them currently being granted access through the AD group policy. Is there a way for us to essentially filter that down and apply a policy that would allow only permitted users' mobile devices to access the VPN and restrict anyone not covered by that policy, while still allowing those restricted phone users to access the VPN via their company-provided equipment?


Cisco Employee

So are you using the "Duo Mobile" trusted endpoints management integration?
That doesn't require the Duo Mobile app to be managed by an organizational MDM. I think in your scenario we would suggest switching to a different Duo Mobile mobile management integration that requires Duo Mobile to be managed by your organization's MDM (like Meraki Systems Manager), and you would require the users you want to access VPN from mobile devices to enroll in the MDM and receive the managed app.

Duo, not DUO.