How to enable Split Tunneling on Meraki Dashboard

VZ
Here to help


Hello,

 

My company is running into an issue when connected to VPN: it is using the local user gateway and not their work's, creating an IP conflict when trying to RDP. When connected, I do an ipconfig and it shows a 0.0.0.0 gateway with the VPN connection, and when I do a route print it shows the gateway is the local one. I know you can change split tunneling on the client devices. The box is checked to use default gateway on remote network.

PhilipDAth
Kind of a big deal

If you are talking about the Microsoft client VPN, then I created this wizard that can create VPN configurations using split tunnelling.

https://www.ifm.net.nz/cookbooks/meraki-client-vpn.html

 

Thank you, looks like a useful tool.

alemabrahao
Kind of a big deal

Here it is.

 

https://documentation.meraki.com/MX/Client_VPN/Configuring_Split_Tunnel_Client_VPN

I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.

Thank you, I have tried this but still get 0.0.0.0 on my gateway for the VPN and can't RDP into a computer.

GIdenJoe
Kind of a big deal

For AnyConnect (Secure Client) VPN you can configure this on dashboard at the client traffic section (send all traffic, send only for these destinations, send everything except these destinations).

For the classic L2TP/IPsec, you'll need to use the capabilities of the client itself.
In case of Windows native you can rely on scripts like @PhilipDAth provides or just build the VPN yourself using Windows PowerShell (`Add-VpnConnection -Name xx -SplitTunneling` etc etc).

If you are on Mac then you will have a more difficult time.

 

So if you can pay for the licenses, go with the Anyconnect VPN option instead.

Thank you, we would have to use the Windows native at this time. I have done the split tunneling on the client side using the steps above but shouldn't it hand out the work gateway and not use the client gateway? Thinking that's why I'm getting the IP conflict. 

GIdenJoe
Kind of a big deal

If you use the Add-VpnConnectionRoute way then it will only add the routes to the internal nets to your adapter when you dial in.
If you do a route print when dialed in you will see all the routed destinations with your own VPN adapter as gateway, which is normal behavior. So it will not show the network gateway because that is the way it is done in Windows 😉

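The Windows-native approach discussed in the replies above (Add-VpnConnection with split tunnelling, then Add-VpnConnectionRoute per internal network), as an added example that is not part of any participant's post. It also flags any local subnet that overlaps an office prefix, a case where traffic for an office address can stay on the local LAN. The connection name, server, DNS suffix, prefixes and the PAP/encryption settings are all placeholder assumptions.

```powershell
# Added example. Every value below is a placeholder (assumption), not from the thread.
$Name        = 'Work VPN'                          # hypothetical connection name
$Server      = 'vpn.example.com'                   # placeholder MX hostname
$DnsSuffix   = 'corp.example.com'                  # placeholder internal DNS domain
$WorkSubnets = '10.10.0.0/16', '192.168.50.0/24'   # placeholder office prefixes

# Dotted IPv4 address -> number (double, so the top bit never overflows).
function ConvertTo-IPv4Number([string]$Ip) {
    $b = [System.Net.IPAddress]::Parse($Ip).GetAddressBytes()
    [double]$b[0] * 16777216 + [double]$b[1] * 65536 + [double]$b[2] * 256 + $b[3]
}

# Two CIDR prefixes overlap when they match under the shorter of the two masks.
function Test-PrefixOverlap([string]$A, [string]$B) {
    $ipA, $lenA = $A -split '/'
    $ipB, $lenB = $B -split '/'
    $block = [Math]::Pow(2, 32 - [Math]::Min([int]$lenA, [int]$lenB))
    [Math]::Floor((ConvertTo-IPv4Number $ipA) / $block) -eq
        [Math]::Floor((ConvertTo-IPv4Number $ipB) / $block)
}

# 1. Warn if a local (home/hotel) network overlaps an office prefix.
Get-NetIPAddress -AddressFamily IPv4 |
    Where-Object { $_.IPAddress -notmatch '^(127\.|169\.254\.)' } |
    ForEach-Object {
        $lan = "$($_.IPAddress)/$($_.PrefixLength)"
        foreach ($work in $WorkSubnets) {
            if (Test-PrefixOverlap $lan $work) {
                Write-Warning "Local $lan overlaps $work; that range may be reached on the local LAN."
            }
        }
    }

# 2. Create the L2TP/IPsec connection with split tunnelling on.
#    PAP and "Optional" encryption are assumptions; match them to the MX settings.
Add-VpnConnection -Name $Name -ServerAddress $Server -TunnelType L2tp `
    -L2tpPsk (Read-Host 'Pre-shared key') -AuthenticationMethod Pap `
    -EncryptionLevel Optional -SplitTunneling -DnsSuffix $DnsSuffix -Force

# 3. Only these prefixes are routed into the tunnel when the connection dials.
foreach ($prefix in $WorkSubnets) {
    Add-VpnConnectionRoute -ConnectionName $Name -DestinationPrefix $prefix
}

# 4. Confirm the settings; after dialling, list what the VPN adapter routes.
Get-VpnConnection -Name $Name | Select-Object Name, SplitTunneling, DnsSuffix
# Get-NetRoute -InterfaceAlias $Name -AddressFamily IPv4
```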

 



VZ
Here to help

Update:

 

Possible fix, on the client device under IPv4-IP settings, checking "Use default gateway on remote network" the split tunneling. And on the same page, on the DNS tab under "Append these DNS suffixes (in order)", add your domain name so it can resolve the computer name and allow RDP through computer name. Feel like there's a better way to configure not on the client side, but this seemed to help.
