Rublon

Secure Remote Access

By

Last updated on July 8, 2025

MFA for Cisco Meraki Client VPN is an extra layer of security that makes logging into the VPN more secure by requiring two steps of authentication: primary (login/password) and secondary (e.g., Mobile Push). Thanks to Cisco Meraki Client VPN MFA, even if a cybercriminal knows a user’s password, they cannot access the VPN without completing the secure secondary authentication.

Overview of MFA for Cisco Meraki Client VPN

Cisco Meraki Client VPN is a feature that allows remote users to securely connect to the network through an encrypted tunnel over the Internet. It uses the L2TP/IPsec protocol with a preshared key and supports various operating systems, such as Windows, macOS, iOS, Android, and Chrome OS. It can also integrate with different authentication methods, such as Meraki cloud, RADIUS, Active Directory, or Systems Manager Sentry.

Rublon Multi-Factor Authentication (MFA) for Cisco Meraki Client VPN allows you to add an extra layer of security to your Cisco Meraki VPN logins. MFA for Meraki VPN is done using the Rublon Authentication Proxy.

Rublon MFA for Cisco Meraki VPN adds an extra security step to VPN connections. A user has to pass both primary (username and password) and secondary (another method) authentication. If the user fails the second step, Rublon blocks their access and prevents any possible intruder from getting in.

Supported Authentication Methods

Authentication Method Supported Comments
Mobile Push N/A
WebAuthn/U2F Security Key N/A
Passcode N/A
SMS Passcode N/A
SMS Link N/A
Phone Call N/A
QR Code N/A
Email Link N/A
YubiKey OTP Security Key N/A

Before You Start Configuring MFA for Cisco Meraki Client VPN

Before configuring Rublon MFA for Cisco Meraki VPN:

  • Ensure you have prepared all required components.
  • Install the Rublon Authenticator mobile app.

Required Components

1. User Identity Provider (IdP) – You need an external Identity Provider, such as Microsoft Active Directory, OpenLDAP, or FreeRADIUS.

2. Rublon Authentication Proxy – Install the Rublon Authentication Proxy if you have not already.

3. Cisco Meraki Device – You need a Cisco Meraki device (physical or virtual in the cloud).

4. Cisco Meraki Dashboard – You need to have an account in Cisco Meraki Dashboard, where you have created a network and added your Cisco Meraki device.

Install Rublon Authenticator

Some end-users will install the Rublon Authenticator mobile app. So, as a person configuring MFA for Check Point Mobile Access VPN, we highly recommend you install the Rublon Authenticator mobile app, too. Thanks to that, you will be able to test MFA for Check Point Mobile Access via Mobile Push.

Download the Rublon Authenticator for:

Configuring Multi-Factor Authentication (MFA) for Cisco Meraki Client VPN

Follow the following instructions to set up MFA for Cisco Meraki Client VPN.

Configuring Rublon Authentication Proxy as RADIUS Server

1. In the Cisco Meraki Dashboard, go to Security & SD-WAN Client VPN.

Image showing accessing the Client VPN options in the Cisco Meraki Dashboard.

2. Select AnyConnect Settings, scroll down to the Authentication and Access section, and set the following:

  • Authentication Type: RADIUS
  • RADIUS servers: The next step describes how to add a RADIUS server
  • RADIUS timeout: 60 seconds
Image showing filling up the Authentication and Access section while configuring MFA for Cisco Meraki Client VPN

3. In RADIUS servers, click Add a RADIUS server and set the following:

  • Host: Enter the IP address of your Rublon Authentication Proxy ()
  • Port: Enter the port of your Rublon Authentication Proxy (Default: 1812)
  • Secret: Enter the RADIUS_SECRET you set in the Rublon Authentication Proxy’s config file.
Image showing the Rublon Auth Proxy added as a RADIUS server while configuring MFA for Cisco Meraki Client VPN

4. Congratulations. Your integration is complete. You can now test your setup.

Testing Multi-Factor Authentication (MFA) for Cisco Meraki Client VPN

This example shows using the AnyConnect Secure Mobility Client to connect to Cisco Meraki VPN. However, you can use any other VPN client like the built-in Windows VPN client. Mobile Push has been set as the second factor in Rublon Authentication Proxy’s config file (AUTH_METHOD was set to push).

1. The hostname to which you need to connect can be found in the Cisco Meraki Dashboard. Copy the hostname from Security & SD-WAN → Client VPN → AnyConnect Settings → Client Connection Details → Hostname.

(If you do not have the AnyConnect Secure Mobility Client, you can download the Secure Client using one of the links in AnyConnect Client Download Links. The Secure Client includes AnyConnect.)

Image showing where to find the hostname for client connection to Cisco Meraki VPN

2. Run the Cisco AnyConnect Secure Mobility Client, paste the hostname you just copied, and click Connect.

Image showing the Cisco AnyConnect Secure Mobility Client

3. Enter your username and password and click OK.

Image showing entering username and password in Cisco AnyConnect Secure Mobility Client

4. Rublon will send a Mobile Push authentication request to your phone. Tap APPROVE.

Image showing a Mobile Push from Rublon as the second part of MFA for Cisco Meraki Client VPN

5. You have successfully connected to the VPN.

Image showing a successful connection to Cisco Meraki Client VPN with MFA

Troubleshooting MFA for Cisco Meraki VPN

Blast-RADIUS Vulnerability Protection

RADIUS integrations may enforce the validation of the Message-Authenticator RADIUS attribute as part of their mitigations for the Blast-RADIUS vulnerability.

The Rublon Authentication Proxy supports the Message-Authenticator attribute starting from version 3.5.3. The Rublon Auth Proxy uses the force_message_authenticator option in the configuration file (set to true by default) to safeguard against Blast-RADIUS attacks.

If you are experiencing issues with your RADIUS integration, ensure that the force_message_authenticator is set to true.

If you are using Rublon Authentication Proxy 3.5.2 or older, update to the newest available version.

If you encounter any issues with your Rublon integration, please contact Rublon Support.

Related Posts

Rublon Authentication Proxy

Rublon Authentication Proxy – Integrations