cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Firewall settings for guest network to enable VPN access to Meraki MX

New here

Firewall settings for guest network to enable VPN access to Meraki MX

We are currently migrating our network to Meraki.

We have several network segments (different vlans) at our location including one for guests.

This network is isolated from the other networks, only internet access is enabled.

I've done this in the firewall like this:

 

deny any protocol source any port <corp-nw> destination any protocol <guest-nw>

deny any protocol source any port <guest-nw> destination any protocol <corp-nw>

allow any protocol source any port <guest-nw> destination any portocol any destination

 

That works so far.

When I'm connected to the guest Network, I cannot establish a VPN connection to our Meraki Gateway.

 

I think I have to create a rule to allow that connection... Can anyone tell me how?

5 REPLIES 5
Head in the Cloud

Re: Firewall settings for guest network to enable VPN access and forwarded ports

Wireless - Firewall - Deny local LAN , for your Guest Wifi?

 

2019-04-17 14_51_12-Firewall & traffic shaping - Meraki Dashboard.png

New here

Re: Firewall settings for guest network to enable VPN access and forwarded ports

I tried a little more. Port forwarding is working, sorry for that. I have only problems with VPN.

 

As I wrote the network seperation is not the problem. Also VPN from outside to corp lan works fine.

 

The problem is that I cannot establish this VPN connection when I'm inside the (local, Meraci-managed) guest network.

 

Kind of a big deal

Re: Firewall settings for guest network to enable VPN access to Meraki MX

I would doubt that you could VPN in from inside of the MX to the outside of the MX.  I don't think this is a valid config.

New here

Re: Firewall settings for guest network to enable VPN access to Meraki MX

Sure, from the network state it's not the best.

 

We have a larger number of mobile devices that connect to foreign public networks and our local guest network.

It would be helpful if the connection could work the same way.

Getting noticed

Re: Firewall settings for guest network to enable VPN access to Meraki MX

I have setup VPNs on several firewalls and find that most cannot connect to the VPN from the LAN side.

 

I also have setup Routing and Remote Access on different Windows severs.  With that config, users could connect to the VPN from the LAN.

 

A different way to accomplish a Guest Network that has managed access to the LAN, would be to setup an Employee Guest SSID that uses RADIUS to your server for authentication. 

 

Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.