MX VPN - Can't Kill a VPN user -- Surely this is a simple requirement?

stephenw
Conversationalist


Hi

We have set up a couple of Meraki MX 64 units and, in general, like the units very much.

There is one issue though:

We allow remote users to access our networks from time to time and after a chat with Meraki support, we are astounded to learn that there is no way to force a VPN user from the system. I appreciate that we can stop them re-connecting when they have disconnected but surely the ability to force a user off is a simple and obvious requirement.

We could achieve this with our free of charge OpenVPN set-up so why would it not be available with one of the world leaders in this technology?

Any help would be most appreciated. 

 

3 REPLIES 3
mmmmmmark
Building a reputation

I haven't tested it myself but does not deauthorizing the user or even deleting the user sever their connection? You would think that it would. I guess you could then add in a firewall rule to block any traffic or just VPN traffic from whatever IP they're connected from?

 

Thanks,

 

Mark

Hi Mark

Surprisingly it doesn't.

We tested this, both with AD policy on the back end LDAP AD, as well as trying to enforce a group policy on the MX.

Everything works when a user tries to reconnect, which is good, but Cisco seems to have overlooked the need to give someone a push.

Whilst we can work around this, it does seem somewhat of a basic requirement that you would expect to find on the units.

Steve

 

 

 

@stephenw this is one requirement we have in my organisation, which is why we are unable to deploy MX units. I agree it's a basic feature that should be there, especially in enterprise-grade equipment. It would be nice to be able to kill LDAP login sessions as well.

 

Hopefully this gets implemented at some point in the near future.
