Meraki Community

Roni · ‎May 29 2022

Hi everyone,

I want to enable the ability of "AnyConnect" on the mx.

I want to configure "split-Tunnel" and to do it I Have to set a subnet, but the mx want to allow to set my VPN subnet because it is already set on the "Addressing&vlan" is

it ok to delete the vpn vlan and set it only on the "AnyConnect" tab?

Bruce · ‎May 29 2022

Yes, the subnet that you’re using for remote access VPN (either AnyConnect or L2TP) only needs to be configured on the AnyConnect or L2TP page, you don’t need it configured on the “Addressing & VLAN” page.

Roni · ‎May 30 2022

Thank you All!

another thing is that I want to set to the VPN clients permissions "X" but I have one user that I want to set for him permissions "Y", to do so, I need that this specific user will connect to the VPN and get specific IP every time.

How can i do it with the "Anyconnect" ability?

Bruce · ‎May 31 2022

I don’t believe you can do this directly with AnyConnect. What you’ll need to do is RADIUs authentication which returns a Filter-ID parameter that the MX then uses to apply a Meraki Group Policy to the user. Have a look in here under the Group Policy section, https://documentation.meraki.com/MX/AnyConnect_on_the_MX_Appliance.

The other option is once the device is connected to the VPN, find it in the client list on the Dashboard and manually apply a Group Policy to it.

KarstenI · ‎May 29 2022

You have to make sure that the VLAN from "Adressing & VLANs" is not used for something else. If it is in use, just pick a different free Subnet for AnyConnect.

Meraki Community

Any connect-vpn

Any connect-vpn