Meraki

NetC · ‎Dec 29 2022

We have users who should have different permissions. You could divide the users into different groups.

Administrators should be able to access everything.
A group may access certain servers.
Another group can only access certain ports of servers on all Site2Site VPN (AutoVPN).

The authorization for the ClientVPN takes place with RADIUS on the ActiveDirectory server https://documentation.meraki.com/MX/Client_VPN/Configuring_RADIUS_Authentication_with_Client_VPN. But according to the instructions I don't get any routing to a network from the client at all and I don't want to change any default route on the client. I can't set the routing to all known networks anywhere.

I try to use Windows 11.

Regards, Ronny

alemabrahao · ‎Dec 29 2022

The best option if you intend to limit access is to use Anyconnect and configure group policies with Filter-ID.

https://documentation.meraki.com/MX/Client_VPN/AnyConnect_on_the_MX_Appliance#Group_Policies_with_RA...

https://documentation.meraki.com/MX/Client_VPN/AnyConnect_on_the_MX_Appliance#Server_Settings

I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.

View solution in original post

alemabrahao · ‎Dec 29 2022