Meraki

Community

Ipv6 headeach

Obel
New here
‎Jul 27 2023 5:06 AM
‎Jul 27 2023 5:06 AM

Ipv6 headeach

Hi Team

We are using Meraki IPsec config with P2TP vpn connection on windows workstation.
I have also Azure Conditional access setup allowing access only from meraki external WAN Ipv4
Since month I am experiencing problem with users who`s ISP provide routable IPv6.
They connect to VPN without the problem but then some other services like MS Teams are using IPv6 provided by ISP and they are outside the tunnel.
I have checked IPv4 and IPv6 VPN tunnel settings on all workstations and they are not on split tunnel.  Is there any way I can force that IPv6 to go true the tunnel?

Labels:
0 Kudos
2 Replies 2
alemabrahao
Kind of a big deal
Kind of a big deal
‎Jul 27 2023 8:07 AM
‎Jul 27 2023 8:07 AM

I suggest you open a support case.

I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.
0 Kudos
PhilipDAth
Kind of a big deal
Kind of a big deal
‎Jul 27 2023 2:32 PM
‎Jul 27 2023 2:32 PM

I don't think Microsoft intends to update their client to handle IPv6.

 

You'll need to look at using Cisco AnyConnect.  I would use SAML authentication against AzureAD in your case.

https://documentation.meraki.com/MX/Client_VPN/AnyConnect_on_the_MX_Appliance/AnyConnect_Azure_AD_SA... 

 

BUT

 

My first thought is - when you are pursuing a zero-trust architecture - why are you basing conditional access on an IP address?  Why aren't you simply checking that the computer accessing the service is a trusted, compliant computer?  I think if you resolve this issue - your entire problem will dissappear.

Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels
© 2024 Cisco Systems, Inc.