Addressing/VLAN

Solved
themru
Conversationalist

I have created two VLANs from Addressing and VLANs.

Network 1 ===> 10.10.100.0/24

Network 2 ===> 171.25.30.25

Scenario 1

I believe from the Layer 3 Firewall I can deny traffic from those two VLANs; however, when someone connects from VPN, I will need to block the traffic from outbound rules.

Is this a correct scenario?

Scenario 2

I will add some more Meraki devices to this organisation, and I want to restrict view to only some of the Merakis. Meaning a user will be able to see only some Meraki appliances and not others.

Is this feasible?

1 Accepted Solution
PhilipDAth
Kind of a big deal
2 Replies
KarstenI
Kind of a big deal

Scenario 1: Yes, the L3 rules are only for internet- and inter-VLAN traffic. For AutoVPN, you have to configure the outbound filter under S2S-VPN. For extranet-VPN you can't filter the traffic on the MX. You need to use a different firewall for your extranet VPNs.

Scenario 2: There is role-based access-control to assign differentiated access to your networks. You have to decide if this fulfills your needs. At least you can restrict on a per-network level.

If you found this post helpful, please give it Kudos. If my answer solves your problem, please click Accept as Solution so others can benefit from it.
PhilipDAth
Kind of a big deal