We are using Meraki IPsec config with P2TP vpn connection on windows workstation. I have also Azure Conditional access setup allowing access only from meraki external WAN Ipv4 Since month I am experiencing problem with users who`s ISP provide routable IPv6. They connect to VPN without the problem but then some other services like MS Teams are using IPv6 provided by ISP and they are outside the tunnel. I have checked IPv4 and IPv6 VPN tunnel settings on all workstations and they are not on split tunnel. Is there any way I can force that IPv6 to go true the tunnel?
My first thought is - when you are pursuing a zero-trust architecture - why are you basing conditional access on an IP address? Why aren't you simply checking that the computer accessing the service is a trusted, compliant computer? I think if you resolve this issue - your entire problem will dissappear.