I have limited exposure to Meraki products and have some questions about how Client VPN works. I have successfully configured a test client VPN (using DDNS) but am confused on a few things.
1. When I enable client VPN I'm forced to select a subnet, and one that does not already exist elsewhere in the configuration. Why does that subnet not show up on the VLAN / Routing page?
2. If I want to give a vendor VPN access to a subnet beyond the Client VPN subnet that I chose, how is that done - do I need to add a static route between the Client VPN subnet and the target subnet?
3. If I want to give a vendor VPN access to a *specific device(s)* on a subnet beyond the Client VPN subnet, but not *all* devices on that target subnet, how is that done?
Many thanks in advance for your patience and assistance.
1. Client VPN should show up when you navigate to Security appliance > Route table.
2 & 3. Personally, I create Group Policies that I apply to all VPN Connections to our Network. My default network policy is very restrictive for that subnet. Once the VPN Connection shows up in the dashboard, I will apply an appropriate policy depending on what they need access to. (I would love to hear how others are managing this if there's a better/easier way)
Once your clients connect to your network via VPN, they will show up in your dashboard under Network-wide > Clients. You can find them very easily by the status symbol (which looks like a globe for VPN clients) or by filtering for that subnet. Once you find the client, you'll see they have the Network Policy labeled "Normal" which will be your default policy. You can select that client and change the policy to another that you have set up. Different policies can be set up under Network-wide > Group policies.
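The per-client policy approach described in the reply above, as an added example that is not part of the original posts and not Meraki code: it models a policy as an ordered, first-match list of layer 3 rules (an assumption about evaluation order) and lists which hosts on a target subnet a Client VPN address can actually reach. All subnets, addresses, ports and policy names are constructed.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

# Constructed addressing for illustration; none of it comes from the thread.
CLIENT_VPN_SUBNET = ip_network("192.168.250.0/24")
TARGET_SUBNET = ip_network("10.20.30.0/24")

@dataclass(frozen=True)
class Rule:
    action: str            # "allow" or "deny"
    dest: str              # destination CIDR, or "any"
    port: object = "any"   # destination port as int, or "any"

    def matches(self, dst_ip, dst_port):
        if self.dest != "any" and ip_address(dst_ip) not in ip_network(self.dest):
            return False
        return self.port == "any" or self.port == dst_port

# Hypothetical restrictive default applied to every new VPN client.
DEFAULT_VPN_POLICY = [Rule("deny", "any")]

# Hypothetical vendor policy: two specific devices, then an explicit deny
# so the rest of the target subnet stays unreachable.
VENDOR_POLICY = [
    Rule("allow", "10.20.30.15/32", 443),
    Rule("allow", "10.20.30.16/32", 22),
    Rule("deny", "any"),
]

def evaluate(policy, src_ip, dst_ip, dst_port):
    """Return the action of the first rule that matches the flow."""
    if ip_address(src_ip) not in CLIENT_VPN_SUBNET:
        raise ValueError("source is not a Client VPN address")
    for rule in policy:
        if rule.matches(dst_ip, dst_port):
            return rule.action
    # Model choice: unmatched traffic is denied. On a real appliance, confirm
    # the implicit final rule and keep the explicit deny at the end.
    return "deny"

def reachable_hosts(policy, src_ip, port):
    """List the TARGET_SUBNET hosts this client can reach on the given port."""
    return [str(host) for host in TARGET_SUBNET.hosts()
            if evaluate(policy, src_ip, str(host), port) == "allow"]

if __name__ == "__main__":
    vendor = "192.168.250.10"  # constructed Client VPN address
    for port in (22, 443):
        print(port, reachable_hosts(VENDOR_POLICY, vendor, port))
    print("default:", reachable_hosts(DEFAULT_VPN_POLICY, vendor, 443))
```

Running the same enumeration against an export of the rules you actually configured is a quick way to confirm that a vendor policy exposes only the intended devices.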