Meraki Client VPN

Aamir
Here to help

Hi,

For client VPN, my customer would like his suppliers to connect to his network, get locally authenticated, and get access to a specific VLAN only. How can this be done in Meraki?

alemabrahao
Kind of a big deal

You can use Active Directory-based authentication and use group policy to restrict the access.

https://documentation.meraki.com/MX/Client_VPN/Client_VPN_Overview

I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.

These are external suppliers that won't be part of AD.

alemabrahao
Kind of a big deal

Then use the Meraki-based authentication.

https://documentation.meraki.com/General_Administration/Cross-Platform_Content/Managing_User_Account...

Then I can apply group policy on these Meraki Cloud Accounts?

alemabrahao
Kind of a big deal

Yep

Unfortunately this won't work - if you're trying to manually apply policies to the clients in question, it only lasts until they disconnect.

I would recommend that OP use AnyConnect instead, and deploy it with a profile that restricts what these contractors have access to by only telling it to route traffic destined to the VLAN in question over the tunnel, and nothing else.

alemabrahao
Kind of a big deal

Group Policies

It is possible to manually apply group policies to clients connected via client VPN. A group policy applied to a client VPN user is associated with the username and not the device. Different devices that connect to client VPN with the same username will receive the same group policy. For more help on assigning or removing group policies applied to a client, refer to the Creating and Applying Group Policies document.

It is not possible to assign group policies automatically once a user connects to client VPN.

Hi,

For L2TP, I had a chat with a Meraki SE, and he mentioned that the group policy will be tied to the VPN client's virtual MAC address and not the username, and that the virtual MAC address can change, and if it changes then the group policy won't get applied?
