Client VPN routing on MX

SOLVED
OSPF71
Here to help

Is the MX client VPN limited to local subnets, or can resources in other MX sts VPN subnets be accessed?

1 ACCEPTED SOLUTION
Mr_IT_Guy
A model citizen

Hi @OSPF71,

If you go to Security Appliance/Teleworker Gateway > Configure > Site-to-Site VPN, there is a section called VPN settings. As long as the VLAN is set to yes in the Use VPN column, then the VLAN will be reachable when using Client VPN.

If you wish to change that (i.e., you only want VPN to access certain subnets at different MXs across your organization), you will need to add additional rules in Site-to-site outbound firewall at the bottom of the same page.

Finally, if you want the client VPN to only access local subnets, set the Use VPN setting to no.

Found this helpful? Give me some Kudos! (click on the little up-arrow below)
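An added example, not part of the original answer and not Meraki's own code: a small offline audit that combines the Use VPN column with the site-to-site outbound firewall rules to list what a Client VPN user can reach at other MXs. The addresses and site names are constructed, the field names are assumed to follow the Dashboard API's site-to-site VPN and VPN firewall rule objects, and rules are assumed to be evaluated top-down with a final default allow.

```python
import ipaddress

# Constructed sample data; field names assumed to follow the Dashboard API.
CLIENT_VPN = "10.99.0.0/24"
REMOTE_SITES = {
    "Branch-A": [{"localSubnet": "10.2.10.0/24", "useVpn": True},
                 {"localSubnet": "10.2.20.0/24", "useVpn": False}],
    "Branch-B": [{"localSubnet": "10.3.10.0/24", "useVpn": True},
                 {"localSubnet": "10.3.20.0/24", "useVpn": True}],
}
S2S_RULES = [
    {"policy": "allow", "protocol": "tcp", "destPort": "443",
     "srcCidr": CLIENT_VPN, "destCidr": "10.3.20.0/24"},
    {"policy": "allow", "protocol": "any", "destPort": "Any",
     "srcCidr": CLIENT_VPN, "destCidr": "10.2.10.0/24"},
    {"policy": "deny", "protocol": "any", "destPort": "Any",
     "srcCidr": CLIENT_VPN, "destCidr": "10.3.0.0/16"},
]

def _nets(field):
    """Parse a rule CIDR field: 'Any' or a comma-separated list of CIDRs."""
    if field.strip().lower() == "any":
        return [ipaddress.ip_network("0.0.0.0/0")]
    return [ipaddress.ip_network(c.strip()) for c in field.split(",")]

def verdict(client, dest, rules):
    """Top-down first match; traffic matching no rule is allowed."""
    for r in rules:
        src_hit = any(client.subnet_of(n) for n in _nets(r["srcCidr"]))
        hits = [n for n in _nets(r["destCidr"]) if n.overlaps(dest)]
        if src_hit and hits:
            # partial: rule covers only some hosts/ports/protocols; review it.
            whole = (any(dest.subnet_of(n) for n in hits)
                     and r["protocol"].lower() == "any"
                     and r["destPort"].lower() == "any")
            return r["policy"] if whole else r["policy"] + " (partial)"
    return "allow"

def audit(client_cidr, sites, rules):
    """Map (site, subnet) -> what a Client VPN user can reach there."""
    client = ipaddress.ip_network(client_cidr)
    return {(site, s["localSubnet"]):
            verdict(client, ipaddress.ip_network(s["localSubnet"]), rules)
            if s["useVpn"] else "not in VPN"
            for site, subnets in sites.items() for s in subnets}

if __name__ == "__main__":
    for key, result in audit(CLIENT_VPN, REMOTE_SITES, S2S_RULES).items():
        print(key, result)
```

Any subnet reported as plain "allow" that Client VPN users have no business reaching is a candidate for a deny rule or for switching Use VPN to no.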

Thanks, @Mr_IT_Guy. That info helps a lot. The one security appliance we have not replaced with an MX yet is a non-Meraki peer which has the subnet(s) with needed resources and is not accessible.
