Showing results for 
Show  only  | Search instead for 
Did you mean: 

How do client-VPN work, behind the scenes?

New here

How do client-VPN work, behind the scenes?



I am setting up a Meraki network for 3 locations, soon to be expanded to 6 or 7.

My experience is with Cisco ASA and Aruba/Procurve networking, so this is a new world for me.


I have set up template for the 3 locations that we want to implement straight away, and most of the setup is pretty straight forward, but I cannot wrap my head around the client vpn routing.


We have 8 standard VLANs for all out sites. 7 of which are included in the VPN, 1 is a guest network so that is set as "Same", the 7 others are "Unique" in the template.


Client VPN is a template setting and not a per-device setting, so the client VPN subnet is obviosuly shared on all sites.

I need the Client VPN connected users to be able to access resources on all 3 locations. I found the setting to include the Client VPN subnet in the VPN - but how on earth will that work, when the Client VPN Subnet is the same on all 3 sites?


Is the traffic NAT'ed in some way on the MX? If not, do the site to site VPN keep track of where to send the traffic from and to a ClientVPN-connected device?


To make this extra fun, only the site I am on has the Meraki setup yet. The two other sites have ASA devices. The L2L VPN to these devices is set up and work flawlessly, but I cannot set up the client VPN properly, when I dont understand how it works.


Hope someone can shed some light on this for me.


Kind of a big deal

Re: How do client-VPN work, behind the scenes?

I've never tried using client VPN with a template in this manner before.  If you can't make the client VPN subnet unique at each site then you wont be able to use templates.

New here

Re: How do client-VPN work, behind the scenes?

That was pretty much what I came to as well. Does that mean I have to build separate configurations alltogether (wifi, switch, security) for all sites? I cannot see any way to exclude just certain parts of the configuration, e.g. client VPN, from the template. So to me it seems like I have to choose between using templates at all, or have unique subnets on the Client VPN per device. But I may be missing something obvious

Kind of a big deal

Re: How do client-VPN work, behind the scenes?

Yes, you will need to build seperate configs.


I good way to start is to get a network working just how you want, and then when you create a new network - copy it. 

Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.