Guest traffic split tunnel in full tunnel deployment

satyamothukuri
Conversationalist

Hello,

I would like to know if we can split tunnel only one VLAN (Guest) if I am using all other VLANs in full tunnel mode.

Currently all my users' traffic is full tunneled, including guest. So is there any way we can send only guest traffic out at the remote site itself instead of tunneling to the DC?

ww
Kind of a big deal

If you don't select the VLAN to be part of the VPN, it will use the local internet. (But it can't reach the remote VPN subnets.)

satyamothukuri
Conversationalist

What about the default router for the guest network, will it be the local ISP or will it come from the DC?

4 VLANs should have their default router from the DC and 1 VLAN from the local ISP. Is this possible?

 

ww
Kind of a big deal

If you don't select the VLAN to be in the VPN, it will use the default route to your primary local WAN.

satyamothukuri
Conversationalist

Will there be any issues in terms of security if I don't have Adv Sec?

It's guest traffic, but I want to know if there will be any sec issues.

Hi @satyamothukuri, if you are just sending guests out on a guest VLAN that is not part of the VPN, that's your call if you want to leverage the Advanced Security license to turn on IPS, AMP and content filtering, for example. Generally speaking, that's a common practice to leverage those features even for the guest VLAN. The split tunnel / full tunnel toggle is a hub by hub setting, not VLAN by VLAN. So as @ww mentioned, just don't include the Guest VLAN in the VPN, and use full tunnel back to your hub. If you check the "default route" box for a given hub, that is then full tunnel; unchecked gives you split tunnel. It may be less of a technical question and more of a policy question specific to your organization to decide if you'll need to leverage the Adv Sec features for the Guest subnet.