cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

How We can control VPN client Subnet???

Highlighted
Getting noticed

How We can control VPN client Subnet???

I have an edge MX is connected directly to MS 425 and All my Server farm connected to MS425.

VPN client using 172.16.100.0/24 subnet and all remote users have access to all server's traffic via this subnet.

Now i decided to control some remote users to not going everywhere but how? I have no ACL in VPN client Also I have no option to make static VPN client IP for users, looks like VPN client in MX just makes DHCP without any option?!!!

kav noroozi
7 REPLIES 7
Highlighted
Kind of a big deal

Re: How We can control VPN client Subnet???

Create a group policy with firewall rules and apply that directly to the clients.

Highlighted
Getting noticed

Re: How We can control VPN client Subnet???

 

thanks for your support

Maybe my bad, my question is how control IP That VPN client do not give me Option to contol it.

The problem still there because if i assign an IP to the user via policy i can't control VPN client subnet to avoid assign Same IP to another machine VIA auto DHCP in VPN client.

kav noroozi
Highlighted
Kind of a big deal

Re: How We can control VPN client Subnet???

Why would you need to control the IP address that the client VPN user gets?  Client VPN users will get unique IP addresses.

 

Just specify the firewall policy in the group policy to control what they can access.

Highlighted
Getting noticed

Re: How We can control VPN client Subnet???

Because we have many different Servers/Resources and remote users need to connect to a specific different server, i need to filter them via IP in ACL, at the moment because we have no control of VPN Client subnet, we can not do it.

VPN client IP Like a DHCP server with no option.

because the user pulling IP from VPN client DHCP, the user has different IP when they connected to VPN and next time it gets changed, so I can not make ACL based of IP.

kav noroozi
Highlighted
Kind of a big deal

Re: How We can control VPN client Subnet???

Filter then using group policy.  The firewall policy is then applied to their connection and it does not matter what ip address they get assigned. 

Highlighted
Getting noticed

Re: How We can control VPN client Subnet???

Thank Philip for your response, but I wondering any way to take control of VPN client IP?

kav noroozi
Highlighted
Kind of a big deal

Re: How We can control VPN client Subnet???

None.

Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.