Meraki Client VPN different groups restricted access

SOLVED
ShadowoftheD
Here to help

Meraki Client VPN different groups restricted access

Hi,

 

 

Is there a way to restrict Client VPN access in Meraki with different groups?

 

I tried looking but so far what I've seen is one to all i.e. the rule applied applies to all. In my case, I want to separate what IT group can access via VPN over the Business side VPN users.

 

Is there a way to do this via Merak?

 

 

Thanks

1 ACCEPTED SOLUTION

Accepted Solutions
Mayur_Gadhvi
Meraki Employee

Re: Meraki Client VPN different groups restricted access

At this time, the MX does not support mapping group policies via Active Directory for users connecting through the Client VPN. (Reference: https://documentation.meraki.com/zMeraki_Internal/Draft_Articles/DRAFT%3A_Client_VPN_Overview_-_UPDA...) so either we can achieve this by applying the group policy per client or we can make the Firwall rules accordingly to restrict the access between different vlan.

 

 

View solution in original post

4 REPLIES 4
PhilipDAth
Kind of a big deal

Re: Meraki Client VPN different groups restricted access

You need to create a group policy for each group of different rules that you want.  Then log in via VPN as the user account.  After this they appear in the portal.  Once they appear their apply the group policy to them.

The setting will now stick each time the user logs in.

Mayur_Gadhvi
Meraki Employee

Re: Meraki Client VPN different groups restricted access

At this time, the MX does not support mapping group policies via Active Directory for users connecting through the Client VPN. (Reference: https://documentation.meraki.com/zMeraki_Internal/Draft_Articles/DRAFT%3A_Client_VPN_Overview_-_UPDA...) so either we can achieve this by applying the group policy per client or we can make the Firwall rules accordingly to restrict the access between different vlan.

 

 

View solution in original post

Jeizzen
Getting noticed

Re: Meraki Client VPN different groups restricted access

@PhilipDAth 

 

When you say 'settings stick' to the user, do you know how ?

 

MAC adress, username/password, etc....

 

 

thanks

Bruce
Kind of a big deal

Re: Meraki Client VPN different groups restricted access

The Group Policy is applied to the device, not the user - generally this is by MAC address. Note that the MAC address will be that of the VPN adapter on the client, so different to its Ethernet adapter. Thus if a client connects via Client VPN and directly to the MX (e.g. in an office) then it will appear twice in the client list - once for each MAC address, and so could have a different Group Policy assigned for each.

Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.