Meraki

JacoboLevy · ‎Jan 6 2022

Happy new year you all-mighty gurus in this community. I have an MX100 at one of our clients who are in the executive suites business, obviously, each office is already segregated with its corresponding VLAN, and all those nice things are capable with MX, MS, and MR. my question is the following.

Is it possible to have Client VPN users connecting in and then routing them to the desired VLAN?

I have 25 offices (25 Vlans) and need to have more that 3 using Client VPN in and segregated to their respective network

PhilipDAth · ‎Jan 6 2022

If you are using the Windows VPN client (L2TP over IPSec) what you have to do is after they connect apply a group policy to their VPN connection with the required firewall rules.

When I'm using this approach I usually create the account, connect to the VPN using it (to verify it is working) and then assign the group policy and it is done.

If you buy AnyConnect licences and have a RADIUS server you can have the RADIUS server dynamically assign the group policy to use per connection (using the Filter-Id attribute).

JacoboLevy · ‎Jan 6 2022

OK I get that but how do you sort out the users connected to the Client VPN that need to go to specified VLANs.

I know I can do the Vlans thru the policy but do I need to wait for each user to connect in order to add it to the group policy?

PhilipDAth · ‎Jan 6 2022

If using the Windows client VPN - you have to wait.

JacoboLevy · ‎Jan 6 2022

😵😵😵😵😵😵😵you just killed my high lol.

Meraki

Community

Client VPN segregated between multiple VLANS.

Client VPN segregated between multiple VLANS.