Can I specify rules that limit Client VPN traffic?

Here to help


We have work from home users connecting via Client VPN.  I would like to restrict Client VPN connections so that the only thing they can do is RDP to their desktop that is in the office.  Is there any way to configure rules on the MX to achieve this?


Of course, with every policy there has to be an exception.  We have some users with corporate laptops that connect to the Client VPN, and they should be allowed to have more access.  Is there any way that I can assign specific Client VPN IPs to specific devices, and then assign alternate rules to those IPs?



Kind of a big deal

When using the Microsoft VPN client to the MX (L2TP over IPSec) the only way is to assign group policies after they have connected once.  The group policy can contain firewall rules.  The group policy will stick each time they connect.


As mentioned by @ww, AnyConnect lets you define a default group policy, and if you are using RADIUS, you can configure a per-user group policy as well.

Note that AnyConnect requires you to buy Cisco AnyConnect licences and be running MX16.  The 16.x beta firmware runs really well.


In fact, I prefer 16.x over the current stable 15.44.  I personally experience fewer issues with 16.12 than I do with 15.44 customers.

Thanks for the confirmation.  We don't have AnyConnect licensing, so I will have to use the L2TP over IPSec option and manually assign the Group Policy.
