Meraki Client VPN different groups restricted access
Hi,
Is there a way to restrict Client VPN access in Meraki with different groups?
I tried looking but so far what I've seen is one to all i.e. the rule applied applies to all. In my case, I want to separate what IT group can access via VPN over the Business side VPN users.
Is there a way to do this via Meraki?
Thanks
At this time, the MX does not support mapping group policies via Active Directory for users connecting through the Client VPN (Reference: https://documentation.meraki.com/zMeraki_Internal/Draft_Articles/DRAFT%3A_Client_VPN_Overview_-_UPDA...), so either we can achieve this by applying the group policy per client or we can make the firewall rules accordingly to restrict the access between different VLANs.
You need to create a group policy for each group of different rules that you want. Then log in via VPN as the user account. After this they appear in the portal. Once they appear there, apply the group policy to them.
The setting will now stick each time the user logs in.
When you say 'settings stick' to the user, do you know how?
MAC address, username/password, etc.
Thanks
The Group Policy is applied to the device, not the user - generally this is by MAC address. Note that the MAC address will be that of the VPN adapter on the client, so different to its Ethernet adapter. Thus if a client connects via Client VPN and directly to the MX (e.g. in an office) then it will appear twice in the client list - once for each MAC address, and so could have a different Group Policy assigned for each.
