Meraki Client VPN different groups restricted access

Solved
ShadowoftheD
Here to help

Meraki Client VPN different groups restricted access

Hi,

 

 

Is there a way to restrict Client VPN access in Meraki with different groups?

 

I tried looking but so far what I've seen is one to all i.e. the rule applied applies to all. In my case, I want to separate what IT group can access via VPN over the Business side VPN users.

 

Is there a way to do this via Merak?

 

 

Thanks

1 Accepted Solution
Mayur_Gadhvi
Meraki Alumni (Retired)
Meraki Alumni (Retired)

At this time, the MX does not support mapping group policies via Active Directory for users connecting through the Client VPN. (Reference: https://documentation.meraki.com/zMeraki_Internal/Draft_Articles/DRAFT%3A_Client_VPN_Overview_-_UPDA...) so either we can achieve this by applying the group policy per client or we can make the Firwall rules accordingly to restrict the access between different vlan.

 

 

View solution in original post

4 Replies 4
PhilipDAth
Kind of a big deal
Kind of a big deal

You need to create a group policy for each group of different rules that you want.  Then log in via VPN as the user account.  After this they appear in the portal.  Once they appear their apply the group policy to them.

The setting will now stick each time the user logs in.

Jeizzen
Getting noticed

@PhilipDAth 

 

When you say 'settings stick' to the user, do you know how ?

 

MAC adress, username/password, etc....

 

 

thanks

Bruce
Kind of a big deal

The Group Policy is applied to the device, not the user - generally this is by MAC address. Note that the MAC address will be that of the VPN adapter on the client, so different to its Ethernet adapter. Thus if a client connects via Client VPN and directly to the MX (e.g. in an office) then it will appear twice in the client list - once for each MAC address, and so could have a different Group Policy assigned for each.

Mayur_Gadhvi
Meraki Alumni (Retired)
Meraki Alumni (Retired)

At this time, the MX does not support mapping group policies via Active Directory for users connecting through the Client VPN. (Reference: https://documentation.meraki.com/zMeraki_Internal/Draft_Articles/DRAFT%3A_Client_VPN_Overview_-_UPDA...) so either we can achieve this by applying the group policy per client or we can make the Firwall rules accordingly to restrict the access between different vlan.

 

 

Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels