Hi,
I know this has been discussed a lot: policies vs. client VPN (Windows L2TP Client VPN).
One of our customers is asking if it is possible to apply hour restrictions (a schedule) to their client VPN on Windows L2TP.
The VPN clients are connecting via their AD.
I don't know AD well, but would these options be worth a try?
1- Configure in their AD a schedule for the user that is used for Client VPN AD login
OR
2 - Enable Active Directory authentication, and then apply a Meraki group policy to an LDAP group related to the Client VPN (as I said, not an expert with AD)
Thanks,
I think that an AD schedule is the best option for your case.
I've never tried an AD schedule so I don't know if it would work or not.
One thing to keep in mind is that authentication only happens when the VPN connects. If the user connects 1 minute before your schedule ends, they'll be able to remain connected.
I configured the AD schedule for Wi-Fi users a long time ago and it worked well, so I think it should work for VPN users too.
Good point;
Would AnyConnect be better for applying authorized logon hours to the VPN clients?
No. AnyConnect and Microsoft client VPN have the same restrictions in this area.