Applying Meraki Group Policy to Client VPN Active Directorily logged on

Jeizzen
Getting noticed

Applying Meraki Group Policy to Client VPN Active Directorily logged on

Hi,

 

I know this has been discussed a lot, policies vs client vpn (Windows L2TP Client VPN)

 

One of our customer is asking if it is possible to apply hour restrictions (schedule) for their client VPN on Windows L2TP.

 

The client vpn are connecting via their AD

 

I don't know AD a lot, but would these options worth a try ?

 

1- Configure in their AD a schedule for the user that is used for Client VPN AD login 

 

Jeizzen_0-1669645713672.png

 

OR

 

2 - Enable Active Directory authentication, and then apply a Meraki group policy to an LDAP group related to the Client VPN (as I said not an expert with AD)

 

Jeizzen_1-1669645999519.png

 

Jeizzen_2-1669646096486.png

 

 

 

thanks,

 

5 REPLIES 5
alemabrahao
Kind of a big deal
Kind of a big deal

I think that AD a schedule is the best option for your case.

I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.
PhilipDAth
Kind of a big deal
Kind of a big deal

I've never tried an AD schedule so I don't know if it would work or not.

 

One thing to keep in mind is that authentication only happens when the VPN connects.  If the user connects 1 minute before your schedule ends they'll be able to remain connected.

I configured the AD schedule for Wifi users a long time ago and It worked well, so I think it should have to work for  VPN users too.

I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.
Jeizzen
Getting noticed

Good point ;

 

Would Anyconnect be better for applying authorized logon hours to the vpn clients,

PhilipDAth
Kind of a big deal
Kind of a big deal

No.  AnyConnect and Microsoft client VPN have the same restrictions in this area.

Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels