cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

MX64W -- wifi users access VPN?

SOLVED
Highlighted
Conversationalist

MX64W -- wifi users access VPN?

We have an MX64W.  Is there a way to allow our wifi users to connect to the VPN?  

 

We have several employees with laptops that connect to the Internet through the MX wifi.  But they can't connect to the VPN.  (If they "borrow" the public wifi from the business next door, they can connect to our VPN.)

 

Is there a settings change that would allow this?

 

1 ACCEPTED SOLUTION

Accepted Solutions
Highlighted
Kind of a big deal
Kind of a big deal

Re: MX64W -- wifi users access VPN?

I dont think that is possible. And it would not be efficiënt  either.

 

the correct way is to create 2 ssids. And sepperate  the guest  wifi/vlan with  appropriate ACL rules.  

View solution in original post

6 REPLIES 6
Highlighted
Kind of a big deal
Kind of a big deal

Re: MX64W -- wifi users access VPN?

You want to connect from the lan side of the mx to the same  mx (client) vpn ?

 

Or are you talking about a vpn  service  hosted somewhere else?

Conversationalist

Re: MX64W -- wifi users access VPN?

Yes, the VPN is on the MX. 

 

The wifi is on a separate VLAN from the LAN ports (because the wifi is also used occasionally by customers and sales reps.)

 

 

 

 

Highlighted
Kind of a big deal
Kind of a big deal

Re: MX64W -- wifi users access VPN?

I dont think that is possible. And it would not be efficiënt  either.

 

the correct way is to create 2 ssids. And sepperate  the guest  wifi/vlan with  appropriate ACL rules.  

View solution in original post

Highlighted
Conversationalist

Re: MX64W -- wifi users access VPN?

Thanks, I hadn't thought of using two SSIDs.  That would take care of the employee laptops 

 

We do have a PC for presentations in our conference room.  Currently it's connected to the wifi (so not internal).  Sometimes sales reps present (and we don't want them on our LAN).  But other times employees do training for other employees and need to RDP to their desktops to show their software.  (RDP is allowed only over the VPN.)

 

I guess that could work with the dual SSIDs as well.  Whenever an employee is presenting, have them connect to the Employee SSID and just RDP without VPN since they're connecting internally.  When a rep is presenting, I can have them connect the presentation PC to the "public" SSID.  Though I can foresee confusion and some employee in the sales rep's meeting saying, "Here, I'll log you in to the wifi" and logging into the Employee wifi.

 

Any suggestions how best to handle this--Meraki or otherwise?  

Highlighted
Building a reputation

Re: MX64W -- wifi users access VPN?

I have not tried this before with Meraki but I think you can secure it to MAC addresses.  Might be kind of hard to manage for a large network of users but it is an option.

Highlighted
Conversationalist

Re: MX64W -- wifi users access VPN?

That could work for our dedicated employee laptops. 

 

But we have one computer--in the building but outside our network, connecting to the Internet via Meraki wifi--that is dual purpose:  used sometimes by employees (who need to be able to RDP to their desktop inside the network) and sometimes by sales reps (who should remain outside our network.)

 

Since we already have the Meraki VPN, I thought it would be a simple matter for this desktop to connect to the VPN when needed.

 

But it looks like that isn't possible to do that through the Meraki wifi. 

 

We do have a jack in that room that goes to our network switch.  I'll probably leave that computer as is (outside the network) and when employees need to do a demo, I'll loan them a laptop and plug it into the jack for the meeting.

 

Thank you both for your input.

Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.