Best practice to remote into a win11 workstation behind an mx67w

Solved
mnb22
Just browsing

Hello, 

 

I have a workstation running Windows 11 (sitting behind an MX67W appliance) and would like to know if there is a way to VPN into that workstation through the MX67W appliance from the internet. I would like to use that workstation as a jump host and RDP into different workstations as a remote access method.

 

I don't want to RDP over the internet (using port translation) so I thought the VPN route would be a way to go.  I see that Cisco has a "Client VPN" feature but am not entirely clear if this is for the aforementioned purpose.  If anyone has some useful thoughts here I'd really appreciate if they could reply to this.

 

Kind regards,

Mike  

1 Accepted Solution
Brash
Kind of a big deal

You're correct that you would want to use a VPN instead of exposing RDP to the internet.

Your high-level process would be:

1. Authenticate and connect to the on-premise environment over VPN

2. RDP to your Windows 11 computer

 

You can use either the Meraki L2TP Client VPN, or use Cisco AnyConnect (additional licensing is technically required).
Client VPN Overview - Cisco Meraki
AnyConnect on the MX Appliance - Cisco Meraki

If you only want to be able to access the Windows 11 jump host, you can restrict VPN users to only access this host - Restricting Client VPN access using Layer 3 firewall rules - Cisco Meraki
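The restriction suggested above depends on rule order and on an explicit deny for everything that is not the jump host. The following is an added example, not part of the original post and not Meraki code: it models a first-match rule list and audits it against intended verdicts. The subnets, addresses, field names, and the trailing default-allow behaviour are assumptions made for illustration.

```python
import ipaddress

# Constructed addressing (assumptions, not values from the thread).
VPN_SUBNET = "192.168.100.0/24"  # Client VPN subnet handed out by the MX
JUMP_HOST = "10.0.10.25/32"      # Windows 11 jump host on the LAN

# Ordered rule list; field names are assumed, modelled on an L3 rule table.
RULES = [
    {"comment": "VPN clients to jump host, RDP only", "policy": "allow",
     "protocol": "tcp", "srcCidr": VPN_SUBNET, "destCidr": JUMP_HOST, "destPort": "3389"},
    {"comment": "VPN clients to anything else", "policy": "deny",
     "protocol": "any", "srcCidr": VPN_SUBNET, "destCidr": "any", "destPort": "any"},
]
DEFAULT_POLICY = "allow"  # assumed implicit allow-any rule at the end of the list

# Constructed flows: (source, destination, protocol, port, intended verdict).
FLOWS = [
    ("192.168.100.10", "10.0.10.25", "tcp", 3389, "allow"),  # VPN -> jump host RDP
    ("192.168.100.10", "10.0.10.25", "tcp", 445, "deny"),    # VPN -> jump host SMB
    ("192.168.100.10", "10.0.10.40", "tcp", 3389, "deny"),   # VPN -> other workstation
    ("10.0.10.40", "203.0.113.5", "tcp", 443, "allow"),      # LAN client, not VPN
]


def cidr_match(cidr, ip):
    return cidr == "any" or ipaddress.ip_address(ip) in ipaddress.ip_network(cidr)


def port_match(spec, port):
    return spec == "any" or int(spec) == port


def evaluate(rules, src, dst, protocol, port):
    """Return the policy of the first rule that matches, scanning top-down."""
    for rule in rules:
        if (rule["protocol"] in ("any", protocol)
                and cidr_match(rule["srcCidr"], src)
                and cidr_match(rule["destCidr"], dst)
                and port_match(rule["destPort"], port)):
            return rule["policy"]
    return DEFAULT_POLICY


def audit(rules, flows=FLOWS):
    """Return the flows whose verdict differs from the intended one."""
    return [f for f in flows if evaluate(rules, *f[:4]) != f[4]]


if __name__ == "__main__":
    print("allow + deny:", audit(RULES))                 # both rules, right order
    print("allow only:", audit(RULES[:1]))               # deny rule forgotten
    print("deny first:", audit(list(reversed(RULES))))   # rules in the wrong order
```

With only the allow rule present, the default policy lets VPN clients reach every other host and port; with the deny placed first, RDP to the jump host is blocked as well.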


3 Replies
alemabrahao
Kind of a big deal

For me, AnyConnect is the best way.

 

https://documentation.meraki.com/MX/Client_VPN/AnyConnect_on_the_MX_Appliance#Overview

I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.

mnb22
Just browsing

This helps validate the approach.  Thank you!
