Meraki

Community

How to apply multiple Subnet/VLAN's to Cisco Secure Client (Anyconnect) VPN connections

rhamersley
Getting noticed
‎Jul 9 2024 7:39 AM
‎Jul 9 2024 7:39 AM

How to apply multiple Subnet/VLAN's to Cisco Secure Client (Anyconnect) VPN connections

With my current Cisco AnyConnect Secure Client VPN connection I am only able to designate only one AnyConnect VPN Subnet for those users that are VPN'ing into that location.   Do we know if it is possible to create additional VLAN's and have VPN users assigned to a different Subnet/VLAN??

 

 

rhamersley_1-1720535938231.png

 

0 Kudos
2 Replies 2
thaack
Getting noticed
‎Jul 9 2024 7:50 AM
‎Jul 9 2024 7:50 AM

No, this is not supported. From: AnyConnect On the MX Appliance Documentation 

 

AnyConnect on the MX does not support multiple VLANs or address pools for Client VPN users. 

 

However, you can use group policy to restrict/permit access to VLANs/subnets based on the user. I see you are using RADIUS. In the linked documentation above it shows you how to set group policy based on the RADIUS Filter-ID.

IvanJukic
Meraki Employee
Meraki Employee
‎Jul 9 2024 3:59 PM
‎Jul 9 2024 3:59 PM

Hi @rhamersley ,

As @thaack mentioned, Group Policy is the way to go for seperation and security. However, if you are finding that they are not enough IP address being assigend. You can simply expand the subnet range. E.g. 192.168.1.0/22 would give you 1022 IPs to use. 


Cheers,

Ivan Jukić,
Meraki APJC

If you found this post helpful, please give it kudos. If it solved your problem, click "accept as solution" so that others can benefit from it.
Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels
© 2024 Cisco Systems, Inc.