Combine Meraki Security Appliances with Systems Manager for pushbutton VPN
We’ve all read the horror stories. Passwords, private photos, corporate data, government secrets. What hasn’t been compromised at some point? Connectivity is so important to us that sometimes we forget we may not be the only ones joined to that café hotspot. Thankfully today many of the services we access are reached over an SSL connection, but a Virtual Private Network (VPN) remains the best way to protect all traffic.
Using a VPN in itself is not so hard. An iPhone with VPN configured will simply present a toggle for the user to slide.
So the issue isn’t connecting to VPN, but configuring it in the first place. Even people who consider themselves ‘technical’ can struggle here, because VPN configuration requires the user to configure several settings. Here’s what the iPhone owner is confronted with when attempting to add a new VPN configuration:
Meraki to the rescue! Customers who deploy one of our powerful MX Security Appliances together with Systems Manager have everything they need to build a turnkey VPN solution in their hands. Among the Security Appliance’s many features are comprehensive site-to-site and client VPN. Pairing an MX with Systems Manager adds a number of powerful security features we call Sentry.
To get things set up, log on to the dashboard and head over to the Client VPN settings page on the MX to which VPN clients will connect. Enable the Client VPN server, enter the desired settings, and then select ‘Systems Manager Sentry VPN Security’. This will open up a new panel as shown here:
In the Sentry VPN section the admin chooses the Systems Manager network (if there is more than one) and the scope of devices which will receive the VPN settings. The usual Systems Manager tags are available here, both static and dynamic, enabling tight control over which devices will be enabled for VPN. Finally, decide whether this should be a full tunnel VPN (Send All Traffic, a good choice when on unfamiliar networks) and set any proxy settings before clicking save. That’s all there is to it! Oh, and we can perform the same trick for Mac OS X and Samsung Knox enabled Android devices too.
This truly is simplicity at its best. No need to worry about user configuration, or shared secrets, or server credentials. Everything is automatically pulled from the selected Security Appliance and then pushed out through a profile update to managed clients. The VPN option then appears in the client device’s settings, and the user need only click the toggle to bring the VPN up.
Not ready to purchase a Security Appliance yet? Systems Manager will also allow the manual configuration and deployment of VPN server credentials for any L2TP, PPTP, Cisco IPSec or AnyConnect server.
Sentry is the name we give to a range of security-related features which can be used when deploying Systems Manager into an environment with a Meraki network infrastructure. We’ve covered several of these features already on the blog. In this case, Sentry VPN overcomes the biggest obstacle to secure network communications, making it a cinch to set up, and a trivial option for the end user. Coffee shop productivity just got a lot more secure.
Try Systems Manager on for size by heading over to our website. As with all Meraki solutions, the software is all driven from and accessed via a robust cloud architecture. There’s no hardware required to get started, making it easy to take for a test drive from the comfort of your chair.