Limiting iOS device access once on VPN

ktv-meraki
Getting noticed


We are using AnyConnect for Azure Hybrid domain joined devices. We have a request to allow a few Intuned iOS iPhone devices onto client VPN so they can view cameras. Has anyone worked on a similar request? If so, what is the path of least resistance?

My original thought was reserving IPs to specific devices on client VPN and just using some ACLs, but I don't see how to do that in Meraki.

Should I consider creating separate VPN profiles for these devices and setting up split tunneling?

Thank you for your input.

3 Replies
alemabrahao
Kind of a big deal

If you are using Intune only (without Meraki SM), you can still push AnyConnect profiles to iOS devices.

This would be the best option I see without using Meraki SM.

I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.
MartinLL
A model citizen

If you use a RADIUS server to authenticate remote access users, you can always configure a Group Policy limiting what users can talk to, then assign that policy to the iOS users during authorization.

MLL
PhilipDAth
Kind of a big deal

I think the question you are asking is around per-user access controls. Is that correct?

If you use RADIUS you can use the Filter-Id attribute.

https://documentation.meraki.com/MX/Client_VPN/AnyConnect_on_the_MX_Appliance#Group_Policies_with_RA...

 

I have provided some guidance on how to do this if you are using SAML (note you no longer need to send an email).

https://community.meraki.com/t5/Security-SD-WAN/AnyConnect-SAML-Group-Policy-assignment/m-p/245425/h...

 
