Meraki

Jeizzen · ‎Nov 28 2022

Hi,

I know this has been discussed a lot, policies vs client vpn (Windows L2TP Client VPN)

One of our customer is asking if it is possible to apply hour restrictions (schedule) for their client VPN on Windows L2TP.

The client vpn are connecting via their AD

I don't know AD a lot, but would these options worth a try ?

1- Configure in their AD a schedule for the user that is used for Client VPN AD login

OR

2 - Enable Active Directory authentication, and then apply a Meraki group policy to an LDAP group related to the Client VPN (as I said not an expert with AD)

thanks,

alemabrahao · ‎Nov 28 2022

I think that AD a schedule is the best option for your case.

I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.

PhilipDAth · ‎Nov 28 2022

I've never tried an AD schedule so I don't know if it would work or not.

One thing to keep in mind is that authentication only happens when the VPN connects. If the user connects 1 minute before your schedule ends they'll be able to remain connected.

alemabrahao · ‎Nov 28 2022

I configured the AD schedule for Wifi users a long time ago and It worked well, so I think it should have to work for VPN users too.

I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.

Jeizzen · ‎Nov 28 2022

Good point ;

Would Anyconnect be better for applying authorized logon hours to the vpn clients,

PhilipDAth · ‎Nov 28 2022

No. AnyConnect and Microsoft client VPN have the same restrictions in this area.

Meraki

Community

Applying Meraki Group Policy to Client VPN Active Directorily logged on

Applying Meraki Group Policy to Client VPN Active Directorily logged on