Client VPN Clarification?

Reactor
New here


Hello All,

 

I have limited exposure to Meraki products and have some questions about how Client VPN works.  I have successfully configured a test client VPN (using DDNS) but am confused on a few things. 

 

1.  When I enable client VPN I'm forced to select a subnet, and one that does not already exist elsewhere in the configuration.  Why does that subnet not show up on the VLAN / Routing page?

 

2.  If I want to give a vendor VPN access to a subnet beyond the Client VPN subnet that I chose, how is that done - do I need to add a static route between the Client VPN subnet and the target subnet? 

 

3.  If I want to give a vendor VPN access to a *specific device(s)* on a subnet beyond the Client VPN subnet, but not *all* devices on that target subnet, how is that done?

 

Many thanks in advance for your patience and assistance.  

 

R

3 REPLIES
WadeAlsup
A model citizen

Hi @Reactor

 

1. Client VPN should show up when you navigate to Security appliance > Route table. 

 

2 & 3. Personally, I create Group Policies that I apply to all VPN Connections to our Network. My default network policy is very restrictive for that subnet. Once the VPN Connection shows up in the dashboard, I will apply an appropriate policy depending on what they need access to. (I would love to hear how others are managing this if there's a better/easier way)


Found this helpful? Give me some Kudos! (click on the little up-arrow below) and if my reply solved your issue, please mark it as a solution 🙂

Sorry for replying months later, but could you explain how you do this? I just recently set up client VPN on my system and I'm trying to figure out how I apply different firewall rules to different clients.

Hi @edbarrett

 

Once your clients connect to your network via VPN, they will show up in your dashboard under Network-wide > Clients. You can find them very easily by the status symbol (which looks like a globe for VPN clients) or by filtering for that subnet. Once you find the client, you'll see they have the Network Policy labeled "Normal" which will be your default policy. You can select that client and change the policy to another that you have set up. Different policies can be set up under Network-wide > Group policies.


Found this helpful? Give me some Kudos! (click on the little up-arrow below) and if my reply solved your issue, please mark it as a solution 🙂
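Added example, not part of any post in this thread and not Meraki code: a small Python model for checking, before a group policy is assigned to a vendor's VPN client, that its layer 3 rules reach only the intended device on the target subnet (question 3 above). It assumes rules are evaluated top-down with the first match winning and that unmatched traffic is allowed; all addresses, the policy contents and the function names are constructed for illustration.

```python
import ipaddress

# Constructed sample addressing (not from the thread).
TARGET_SUBNET = ipaddress.ip_network("10.20.30.0/24")  # subnet behind the appliance
VENDOR_DEVICE = ipaddress.ip_address("10.20.30.15")    # the one device the vendor services

# Hypothetical "Vendor" group policy: (action, protocol, destination CIDR, port or None = any)
VENDOR_POLICY = [
    ("allow", "tcp", "10.20.30.15/32", 443),
    ("deny", "any", "10.0.0.0/8", None),
    ("deny", "any", "172.16.0.0/12", None),
    ("deny", "any", "192.168.0.0/16", None),
]
# Same allow rule without the denies: looks specific, restricts nothing.
ALLOW_ONLY_POLICY = VENDOR_POLICY[:1]


def evaluate(rules, protocol, dest_ip, dest_port, default="allow"):
    """First matching rule decides; fall through to the assumed default."""
    dest = ipaddress.ip_address(dest_ip)
    for action, rule_proto, cidr, port in rules:
        if rule_proto not in ("any", protocol):
            continue
        if dest not in ipaddress.ip_network(cidr):
            continue
        if port is not None and port != dest_port:
            continue
        return action
    return default


def reachable_hosts(rules, subnet, protocol, port):
    """Every host in the subnet the policy lets the client reach on protocol/port."""
    return [str(h) for h in subnet.hosts()
            if evaluate(rules, protocol, str(h), port) == "allow"]


def audit(rules, subnet, intended, protocol, port):
    """Return (over_permitted, blocked_but_intended) for the given policy."""
    reach = set(reachable_hosts(rules, subnet, protocol, port))
    want = {str(a) for a in intended}
    return sorted(reach - want), sorted(want - reach)


if __name__ == "__main__":
    print(audit(VENDOR_POLICY, TARGET_SUBNET, [VENDOR_DEVICE], "tcp", 443))
    extra, _ = audit(ALLOW_ONLY_POLICY, TARGET_SUBNET, [VENDOR_DEVICE], "tcp", 443)
    print(len(extra), "hosts over-permitted by the allow-only policy")
```

Under the default-allow assumption, an allow rule for the device does nothing on its own; the explicit deny rules for the internal ranges are what confine the vendor.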