We have an MX64W. Is there a way to allow our wifi users to connect to the VPN?
We have several employees with laptops that connect to the Internet through the MX wifi. But they can't connect to the VPN. (If they "borrow" the public wifi from the business next door, they can connect to our VPN.)
Is there a settings change that would allow this?
Solved! Go to solution.
I dont think that is possible. And it would not be efficiënt either.
the correct way is to create 2 ssids. And sepperate the guest wifi/vlan with appropriate ACL rules.
You want to connect from the lan side of the mx to the same mx (client) vpn ?
Or are you talking about a vpn service hosted somewhere else?
Yes, the VPN is on the MX.
The wifi is on a separate VLAN from the LAN ports (because the wifi is also used occasionally by customers and sales reps.)
I dont think that is possible. And it would not be efficiënt either.
the correct way is to create 2 ssids. And sepperate the guest wifi/vlan with appropriate ACL rules.
Thanks, I hadn't thought of using two SSIDs. That would take care of the employee laptops
We do have a PC for presentations in our conference room. Currently it's connected to the wifi (so not internal). Sometimes sales reps present (and we don't want them on our LAN). But other times employees do training for other employees and need to RDP to their desktops to show their software. (RDP is allowed only over the VPN.)
I guess that could work with the dual SSIDs as well. Whenever an employee is presenting, have them connect to the Employee SSID and just RDP without VPN since they're connecting internally. When a rep is presenting, I can have them connect the presentation PC to the "public" SSID. Though I can foresee confusion and some employee in the sales rep's meeting saying, "Here, I'll log you in to the wifi" and logging into the Employee wifi.
Any suggestions how best to handle this--Meraki or otherwise?
I have not tried this before with Meraki but I think you can secure it to MAC addresses. Might be kind of hard to manage for a large network of users but it is an option.
That could work for our dedicated employee laptops.
But we have one computer--in the building but outside our network, connecting to the Internet via Meraki wifi--that is dual purpose: used sometimes by employees (who need to be able to RDP to their desktop inside the network) and sometimes by sales reps (who should remain outside our network.)
Since we already have the Meraki VPN, I thought it would be a simple matter for this desktop to connect to the VPN when needed.
But it looks like that isn't possible to do that through the Meraki wifi.
We do have a jack in that room that goes to our network switch. I'll probably leave that computer as is (outside the network) and when employees need to do a demo, I'll loan them a laptop and plug it into the jack for the meeting.
Thank you both for your input.