Meraki

Community

Block client VPN over site-to-site VPN tunnel

WarrenG
Getting noticed
13 hours ago
13 hours ago

Block client VPN over site-to-site VPN tunnel

We have a client with multiple sites that are connected together using the site-to-site VPN. Users in the remote offices are still also using the client VPN (AnyConnect) in order to connect to the main office, which we suspect may be causing network performance issues. Is there any way to create a rule or policy to prevent them from using the client VPN while they are connected to the network at any of the remote offices?

0 Kudos
4 Replies 4
ww
Kind of a big deal
Kind of a big deal
13 hours ago
13 hours ago

You could block the client vpn url/ip+port in the vpn firewall (and maybe L3 fw if needed)

0 Kudos
In response to ww
WarrenG
Getting noticed
12 hours ago
12 hours ago

Thanks, can you clarify what you mean by the "vpn firewall" - I only see the L3 firewall in the portal. How would I access this vpn firewall that you are referring to? Thanks!

0 Kudos
In response to WarrenG
ww
Kind of a big deal
Kind of a big deal
12 hours ago
12 hours ago

https://documentation.meraki.com/SASE_and_SD-WAN/MX/Design_and_Configure/Configuration_Guides/Site-t...

0 Kudos
In response to ww
WarrenG
Getting noticed
9 hours ago
9 hours ago

Got it, I was looking under client VPN but this makes more sense. Thanks!

0 Kudos
Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco ID. If you don't yet have a Cisco ID, you can sign up.
Labels
© 2025 Cisco Systems, Inc.