Meraki

Community

How to configure Client VPN with Meraki Cloud Auth to only be able to access certain subnet?

CHAadmin
Getting noticed
‎Feb 8 2024 12:19 PM
‎Feb 8 2024 12:19 PM

How to configure Client VPN with Meraki Cloud Auth to only be able to access certain subnet?

We recently (with some help from a network consultant) created a DMZ for our facilities LAN by defining it on the MX 250, then adding a few firewall rules.

 

Can we create a Client VPN that only allows access to that VLAN?

Labels:
0 Kudos
2 Replies 2
Ryan_Miles
Meraki Employee All-Star Meraki Employee All-Star
Meraki Employee All-Star
‎Feb 8 2024 12:58 PM
‎Feb 8 2024 12:58 PM

The layer 3 firewall rules apply to the VPN subnet.

PhilipDAth
Kind of a big deal
Kind of a big deal
‎Feb 11 2024 11:28 AM
‎Feb 11 2024 11:28 AM

If this is using the Microsoft VPN client, you can also create a group policy (in the Meraki Dashboard, and create firewall rules in it) and apply it to the client VPN users.

 

If you use RADIUS to authenticate the client you can also pass back a Meraki group policy to apply to the use with the Filter-Id RADIUS attribute.  The below article is for MR - but it is the same for client VPN on the MX.

https://documentation.meraki.com/MR/Group_Policies_and_Block_Lists/Using_RADIUS_Attributes_to_Apply_... 

0 Kudos
Back to the top
Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco ID. If you don't yet have a Cisco ID, you can sign up.
Labels
© 2025 Cisco Systems, Inc.