MX64W -- wifi users access VPN?

SOLVED
Roger2
Conversationalist

MX64W -- wifi users access VPN?

We have an MX64W.  Is there a way to allow our wifi users to connect to the VPN?  

 

We have several employees with laptops that connect to the Internet through the MX wifi.  But they can't connect to the VPN.  (If they "borrow" the public wifi from the business next door, they can connect to our VPN.)

 

Is there a settings change that would allow this?

 

1 ACCEPTED SOLUTION
ww
Kind of a big deal
Kind of a big deal

I dont think that is possible. And it would not be efficiënt  either.

 

the correct way is to create 2 ssids. And sepperate  the guest  wifi/vlan with  appropriate ACL rules.  

View solution in original post

6 REPLIES 6
ww
Kind of a big deal
Kind of a big deal

You want to connect from the lan side of the mx to the same  mx (client) vpn ?

 

Or are you talking about a vpn  service  hosted somewhere else?

Roger2
Conversationalist

Yes, the VPN is on the MX. 

 

The wifi is on a separate VLAN from the LAN ports (because the wifi is also used occasionally by customers and sales reps.)

 

 

 

 

ww
Kind of a big deal
Kind of a big deal

I dont think that is possible. And it would not be efficiënt  either.

 

the correct way is to create 2 ssids. And sepperate  the guest  wifi/vlan with  appropriate ACL rules.  

Roger2
Conversationalist

Thanks, I hadn't thought of using two SSIDs.  That would take care of the employee laptops 

 

We do have a PC for presentations in our conference room.  Currently it's connected to the wifi (so not internal).  Sometimes sales reps present (and we don't want them on our LAN).  But other times employees do training for other employees and need to RDP to their desktops to show their software.  (RDP is allowed only over the VPN.)

 

I guess that could work with the dual SSIDs as well.  Whenever an employee is presenting, have them connect to the Employee SSID and just RDP without VPN since they're connecting internally.  When a rep is presenting, I can have them connect the presentation PC to the "public" SSID.  Though I can foresee confusion and some employee in the sales rep's meeting saying, "Here, I'll log you in to the wifi" and logging into the Employee wifi.

 

Any suggestions how best to handle this--Meraki or otherwise?  

Jwiley78
Building a reputation

I have not tried this before with Meraki but I think you can secure it to MAC addresses.  Might be kind of hard to manage for a large network of users but it is an option.

Roger2
Conversationalist

That could work for our dedicated employee laptops. 

 

But we have one computer--in the building but outside our network, connecting to the Internet via Meraki wifi--that is dual purpose:  used sometimes by employees (who need to be able to RDP to their desktop inside the network) and sometimes by sales reps (who should remain outside our network.)

 

Since we already have the Meraki VPN, I thought it would be a simple matter for this desktop to connect to the VPN when needed.

 

But it looks like that isn't possible to do that through the Meraki wifi. 

 

We do have a jack in that room that goes to our network switch.  I'll probably leave that computer as is (outside the network) and when employees need to do a demo, I'll loan them a laptop and plug it into the jack for the meeting.

 

Thank you both for your input.

Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels