Meraki

Community

Meraki Client VPN

Aamir
Here to help
‎Apr 25 2024 5:31 PM
‎Apr 25 2024 5:31 PM

Meraki Client VPN

Hi,

For client VPN, my customer would like his suppliers to connect to his network, get locally authenticated and get access to a specific VLAN based only? How to do that in Meraki. 

Labels:
0 Kudos
8 Replies 8
alemabrahao
Kind of a big deal
‎Apr 25 2024 5:46 PM
‎Apr 25 2024 5:46 PM

You can use Active directory based authentication and use group policy to restrict the access.

 

https://documentation.meraki.com/MX/Client_VPN/Client_VPN_Overview

I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.
0 Kudos
In response to alemabrahao
Aamir
Here to help
‎Apr 25 2024 6:14 PM
‎Apr 25 2024 6:14 PM

these are external suppliers that wont be part of AD. 

0 Kudos
In response to Aamir
alemabrahao
Kind of a big deal
‎Apr 25 2024 6:42 PM
‎Apr 25 2024 6:42 PM

Then use the Meraki based authentication.  

https://documentation.meraki.com/General_Administration/Cross-Platform_Content/Managing_User_Account...

I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.
0 Kudos
In response to alemabrahao
Aamir
Here to help
‎Apr 25 2024 6:54 PM
‎Apr 25 2024 6:54 PM

then i can apply group policy on these Meraki Cloud Accounts?

0 Kudos
In response to Aamir
alemabrahao
Kind of a big deal
‎Apr 26 2024 2:14 AM
‎Apr 26 2024 2:14 AM

Yep

I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.
0 Kudos
In response to alemabrahao
AlexP
Meraki Employee
Meraki Employee
‎Apr 26 2024 12:00 PM
‎Apr 26 2024 12:00 PM

Unfortunately this won't work - if you're trying to manually apply policies to the clients in question, it only lasts until they disconnect.

 

I would recommend that OP use AnyConnect instead, and deploy it with a profile that restricts what these contractors have access to by only telling it to route traffic destined to the VLAN in question over the tunnel, and nothing else.

0 Kudos
In response to AlexP
alemabrahao
Kind of a big deal
‎Apr 26 2024 12:42 PM
‎Apr 26 2024 12:42 PM

Group Policies

It is possible to manually apply group policies to clients connected via client VPN. A group policy applied to a client VPN user is associated with the username and not the device. Different devices that connect to client VPN with the same username will receive the same group policy. For more help on assigning or removing group policies applied to a client, refer to the Creating and Applying Group Policies document.

 

It is not possible to assign group policies automatically once a user connects to client VPN.

I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.
0 Kudos
In response to alemabrahao
Aamir
Here to help
‎Apr 28 2024 5:54 PM
‎Apr 28 2024 5:54 PM

Hi,

For L2TP I had a chat with Meraki SE and he mentioned the group policy will be tied to the VPN client virtual MAC address and not the username and virtual MAC address can change and if it changes then group policy wont get applied?

0 Kudos
Back to the top
Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco ID. If you don't yet have a Cisco ID, you can sign up.
Labels
© 2025 Cisco Systems, Inc.