cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Best practice to remote into a win11 workstation behind an mx67w

SOLVED
Go to solution
mnb22
Just browsing
‎03-19-2023 04:31 PM
‎03-19-2023 04:31 PM

Best practice to remote into a win11 workstation behind an mx67w

Hello, 

 

  I have a workstation running windows 11 (sitting behind an MX67W appliance) and would like to know if there is a way to VPN into that workstation through the mx67w appliance from the internet.  I would like to use that workstation as a jump host and RDP into different workstations as a remote access method.  

 

I don't want to RDP over the internet (using port translation) so I thought the VPN route would be a way to go.  I see that Cisco has a "Client VPN" feature but am not entirely clear if this is for the aforementioned purpose.  If anyone has some useful thoughts here I'd really appreciate if they could reply to this.

 

Kind regards,

Mike  

Labels:
0 Kudos
Subscribe
1 ACCEPTED SOLUTION
Brash
Kind of a big deal
Kind of a big deal
‎03-19-2023 07:24 PM
‎03-19-2023 07:24 PM

You're correct that you would want to use a VPN instead of exposing RDP to the internet.

Your high-level process would be:

1. Authenticate and connect to the on-premise environment over VPN

2. RDP to your Windows 11 computer

 

You can use either the Meraki L2TP Client VPN, or use Cisco Anyconnect (additional licensing is technically required).
Client VPN Overview - Cisco Meraki
AnyConnect on the MX Appliance - Cisco Meraki

If you only want to be able to access the windows 11 jumphost, you can restrict VPN users to only access this host - Restricting Client VPN access using Layer 3 firewall rules - Cisco Meraki

View solution in original post

Subscribe
3 REPLIES 3
alemabrahao
Kind of a big deal
Kind of a big deal
‎03-19-2023 04:53 PM
‎03-19-2023 04:53 PM

For me the Anyconnect is the best way.

 

https://documentation.meraki.com/MX/Client_VPN/AnyConnect_on_the_MX_Appliance#Overview

Subscribe
Brash
Kind of a big deal
Kind of a big deal
‎03-19-2023 07:24 PM
‎03-19-2023 07:24 PM

You're correct that you would want to use a VPN instead of exposing RDP to the internet.

Your high-level process would be:

1. Authenticate and connect to the on-premise environment over VPN

2. RDP to your Windows 11 computer

 

You can use either the Meraki L2TP Client VPN, or use Cisco Anyconnect (additional licensing is technically required).
Client VPN Overview - Cisco Meraki
AnyConnect on the MX Appliance - Cisco Meraki

If you only want to be able to access the windows 11 jumphost, you can restrict VPN users to only access this host - Restricting Client VPN access using Layer 3 firewall rules - Cisco Meraki

Subscribe
In response to Brash
mnb22
Just browsing
‎03-20-2023 05:29 AM
‎03-20-2023 05:29 AM

This helps validate the approach.  Thank you!

0 Kudos
Subscribe
Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels
© 2023 Meraki