Client VPN segregated between multiple VLANS.

Getting noticed

Client VPN segregated between multiple VLANS.

Happy new year you all-mighty gurus in this community. I have an MX100 at one of our clients who are in the executive suites business, obviously, each office is already segregated with its corresponding VLAN, and all those nice things are capable with MX, MS, and MR. my question is the following. 


Is it possible to have Client VPN users connecting in and then routing them to the desired VLAN? 


I have 25 offices (25 Vlans) and need to have more that 3 using Client VPN in and segregated to their respective network

Kind of a big deal

If you are using the Windows VPN client (L2TP over IPSec) what you have to do is after they connect apply a group policy to their VPN connection with the required firewall rules.

When I'm using this approach I usually create the account, connect to the VPN using it (to verify it is working) and then assign the group policy and it is done.


If you buy AnyConnect licences and have a RADIUS server you can have the RADIUS server dynamically assign the group policy to use per connection (using the Filter-Id attribute).

OK I get that but how do you sort out the users connected to the Client VPN that need to go to specified VLANs.


I know I can do the Vlans thru the policy but do I need to wait for each user to connect in order to add it to the group policy? 

Kind of a big deal

If using the Windows client VPN - you have to wait.

😵😵😵😵😵😵😵you just killed my high lol. 

Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.