I would like to use RSA SecurID Authentication Manager and Microsoft Network Policy Server to facilitate two-factor authentication for a Meraki client VPN on a Meraki MX-65 Secure Appliance. The Meraki client VPN will use a RADIUS server for authentication. In this scenario, there is an existing network, and do not want to use two factor authentication for local LAN devices and users. Potentially planning to use RSA SecurID software tokens on the VPN clients.
My questions are:
1. Should SecurID AM or Microsoft NPS be setup as the RADIUS server?
2. If using MS NPS as RADIUS Proxy for SecurID AM, can the scope be limited to VPN connections?
3. If SecurID AM is used as the RADIUS server, is there a best practices or how-to for MS NPS RADIUS integration?
Please let me know if I can provide any additional details.