Office365 / VPN Split Tunnel For Remote Users

SOLVED
Uberseehandel
Kind of a big deal

Office365 / VPN Split Tunnel For Remote Users

MS has clarified the requirements for split tunnel configuration when used with Office/MS365 products. They have also released an onboarding tool that checks whether the VPN is correctly configured for Office365 split tunnelling.

Optimize Office 365 connectivity for remote users using VPN split tunnelling 

Office 365 Network Onboarding tool POC updated with VPN testing 

 

The last time I posted anything about this I was roundly abused and accused. If the perpetrator is of a mind to repeat such remarks - don't bother.

 

For everybody else, and anybody testing split tunnelling, I hope it is of assistance. It works with Teams, which is becoming more popular since Zoom blotted its copybook.

Robin St.Clair | Principal, Caithness Analytics | @uberseehandel
1 ACCEPTED SOLUTION
PhilipDAth
Kind of a big deal
Kind of a big deal

I've redeemed myself.  I've created the most advanced tool that exists for creating Meraki client VPN connections.

https://www.ifm.net.nz/cookbooks/meraki-client-vpn.html 

 

It can:

  • Build split tunnel VPNs
  • Build full tunnel VPNs
    • Allows for automatic exclusion of Office 365 services by dynamically fetching the list of Office 365 IP addresses at the time the script is run.
    • Allows for automatic exclusion of Cisco WebEx address.
  • Both types of VPN allow for general subnet exclusions.

View solution in original post

7 REPLIES 7
merakichamp
Building a reputation

@Uberseehandel  thanks a lot for this information

 

 

Julian
Getting noticed

interesting, thanks!!

PhilipDAth
Kind of a big deal
Kind of a big deal

I wish I could give you double kudos.


@PhilipDAth wrote:

I wish I could give you double kudos.


Just gave him some kudos on your behalf, @PhilipDAth! Wish granted!

Caroline S | Community Manager, Cisco Meraki
New to the community? Get started here

Thanks guys

 

Philip will be amused to know that I got this steer through Wellington NZ, where there are a number of VMWare folk.

Robin St.Clair | Principal, Caithness Analytics | @uberseehandel

UPDATE: I have this completely wrong.  This will cause just Office 365 traffic to be tunnelled - rather than excluded.  You need to make sure you only specify your internal subnets instead.  I have removed the broken answer.

 

 

PhilipDAth
Kind of a big deal
Kind of a big deal

I've redeemed myself.  I've created the most advanced tool that exists for creating Meraki client VPN connections.

https://www.ifm.net.nz/cookbooks/meraki-client-vpn.html 

 

It can:

  • Build split tunnel VPNs
  • Build full tunnel VPNs
    • Allows for automatic exclusion of Office 365 services by dynamically fetching the list of Office 365 IP addresses at the time the script is run.
    • Allows for automatic exclusion of Cisco WebEx address.
  • Both types of VPN allow for general subnet exclusions.
Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels