Meraki Client VPN is not an acceptable answer for us. We have spent years fighting this and now it’s gotten worse. Our IT team has discovered rebooting our MX100 fixes client VPN issues for a little while. We’ve spent months building, rebuilding, testing, patching, un-patching our end-user computers, but the one thing that apparently always works is rebooting our MX.
We need a solution that doesn’t require us to have a full-time, salaried apologizer on the IT team.
So, who do you give your money to for client VPN? We have ~100 concurrent users at peak.
I also use AnyConnect, but I am reluctant to trust it on the Merakis given how new it is and how crap Cisco’s QA has been the past several years.
I currently have a pair of ASAv instances in our Azure cloud for external VPNs and AnyConnect. Site-to-Site VPNs to our locations are run with VMX instances.
Currently AnyConnect via Firepowers using Azure AD SAML, migrating to AnyConnect on 5 vMXs, a mixture of split and full tunnel with Azure AD SAML. Also Azure premium Firepower for the full tunnel breakout.
Thanks to everyone for their responses. Going to re-evaluate AnyConnect licensing expenses, as well as take a look at some alternatives like Zscaler. Also just discovered some GitHub GUI projects for WireGuard, so I’m spinning up an instance to set up WG and tinker a bit.
AnyConnect with Cisco Secure Client. Been using it for 2 years. No issues and none of the headaches of client VPN L2TP. Found out some newer firewalls will not pass data on the older protocol.
We’re still using Sophos, which is based on OpenVPN. We kept one (virtual) appliance around when we switched to the MX gateways purely for the client VPN. Yes, we could do it on our own, but the Sophos GUI makes it much easier to manage.
Oh nice, I thought it was much more recent than that. Does it have the same functionality as on ASAs? Can you define multiple profiles, time limits, things like that?