Firewall rule for certain VPN clients based on the username

Subash
Comes here often

Hi, I have a client VPN enabled on an MX450. I need to configure a rule to access only particular servers in my local network for certain users on client VPN.

Is there a way to configure a firewall rule or group policy for my requirement?

Bruce
Kind of a big deal

Assuming you are using the ‘classic’ L2TP/IPSec VPN Client then unfortunately there is no way to assign a policy based on a user. The closest you’ll be able to get is to manually assign a Group Policy to a client once they are connected. Each time they reconnect that policy will be applied to the client.

If you’re game enough to try the MX16 code then you can use the AnyConnect VPN Client. Using the AnyConnect VPN Client you can perform RADIUS authentication and return a Filter-ID attribute which can be used to apply a Group Policy to the client.

Subash
Comes here often

Thanks for your response, Bruce. I need to try applying group policy once the device is connected to the network.

I remember that in another thread somebody mentioned that the group policy will remain the same for the applied device, as it works based on the MAC ID. If that is the case, I can try using this option.

Bruce
Kind of a big deal

Yep, that should be the case. Once applied the Group Policy should 'stick' to the client, and so be applied each time they connect.

Subash
Comes here often

Okay. Thank you, Bruce.
