Meraki

Community

Client Isolation on Client VPN

jay_b
Getting noticed
‎Feb 14 2022 7:54 AM
‎Feb 14 2022 7:54 AM

Client Isolation on Client VPN

Happy Monday Everyone,

 

Is there way we can implement client isolation on VPN clients so 1 VPN client can't reach/see other VPN client ?

0 Kudos
7 Replies 7
RaphaelL
Kind of a big deal
Kind of a big deal
‎Feb 14 2022 8:12 AM
‎Feb 14 2022 8:12 AM

Hi ,

 

Unfortunately I don't think that is possible for the moment. Even with Group Policy I don't see how you could achieve this.

0 Kudos
JamesC_AB
Here to help
‎Feb 14 2022 8:44 AM
‎Feb 14 2022 8:44 AM

Check this out on the AnyConnect documentation page (emphasis mine):

AnyConnect on the MX does not support multiple VLANs or address pools for Client VPN users. However, the MX supports the application and enforcement of policies to AnyConnect users on authentication. It is also important to note that, from a Client VPN standpoint on the MX, having users on the same subnet does not mean they are in the same VLAN. Users are assigned a /32 address (one address) from the pool configured on Dashboard. Group Policies can then be used to limit users on the same AnyConnect subnet from talking to each other or other resources on the network.

AnyConnect on the MX Appliance - Cisco Meraki

Group policies are not an AnyConnect-only feature, so it may be possible to achieve with vanilla Client VPN

In response to JamesC_AB
jay_b
Getting noticed
‎Feb 15 2022 5:50 AM
‎Feb 15 2022 5:50 AM

@JamesC_AB  Interesting. I will give a try on group policy. Thanks

0 Kudos
PhilipDAth
Kind of a big deal
Kind of a big deal
‎Feb 14 2022 11:51 AM
‎Feb 14 2022 11:51 AM

It will be easier to do with this AnyConnect, as you can assign a default group policy to be used for al AnyConnect users.

With the Windows client VPN, you have to log in each user one at a time, and then assign the group policy, and then it will stick.  Ok for a small number of users.  A nightmare for lots of users.

In response to PhilipDAth
jay_b
Getting noticed
‎Feb 15 2022 5:52 AM
‎Feb 15 2022 5:52 AM

Unfortunately we don't use anyclient but thanks for the tip @PhilipDAth 

0 Kudos
In response to jay_b
PhilipDAth
Kind of a big deal
Kind of a big deal
‎Feb 15 2022 12:37 PM
‎Feb 15 2022 12:37 PM

AnyConnect is relatively cheap and so much better ...

In response to PhilipDAth
jay_b
Getting noticed
‎Feb 16 2022 7:51 AM
‎Feb 16 2022 7:51 AM

@PhilipDAth Agree with you it is much better than normal client VPN. 

0 Kudos
Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels
© 2025 Cisco Systems, Inc.