Only allowing single address from Spoke

Cardinal-Red
Just browsing

We are doing some scenario testing and I would like to see if anyone has any insight into my issue.

We have a hub and spoke setup. If one of our spokes had an outbreak of a virus and we needed to shut the VPN tunnels down, but wanted to allow 1 IP address through (leak it), say a printer... is there a way to do that?

So far I have gone into the MX device to the firewall and put in a statement allowing only that IP address and then turned the VPN tunnel back on, but when I run an IP scan, I'm seeing more than just that address.

Any direction would help.

2 REPLIES
Bruce
Kind of a big deal

Have a look at the site-to-site VPN firewall rules, https://documentation.meraki.com/MX/Site-to-site_VPN/Site-to-site_VPN_Firewall_Rule_Behavior. These apply to both AutoVPN and non-Meraki VPNs, and apply organisation-wide.

ww
Kind of a big deal

You need to use the sts VPN firewall for restricting VPN traffic.
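
Added example, not part of the original thread and not Meraki code: a small Python model of an ordered site-to-site VPN firewall rule list, assuming top-down first-match evaluation with a default allow at the end. It checks which spoke hosts a rule set still lets through, so a single allow for the printer can be compared with an allow followed by a deny for the rest of the spoke subnet. All addresses, field names and function names are constructed for illustration.

```python
import ipaddress

# Constructed addressing for illustration (not taken from the thread).
SPOKE_SUBNET = "10.20.0.0/24"   # quarantined spoke LAN
PRINTER = "10.20.0.50/32"       # the one host that may still use the VPN
HUB_HOST = "10.0.0.10"          # a host behind the hub


def rule(policy, src, dst="any", comment=""):
    """Build one rule; the field names are hypothetical, chosen for this model."""
    return {"comment": comment, "policy": policy, "srcCidr": src, "destCidr": dst}


# Assumption: traffic that matches no configured rule hits a final allow-any rule.
DEFAULT_ALLOW = rule("allow", "any", comment="default")


def _match(cidr, ip):
    """True when ip falls inside cidr, or cidr is the wildcard 'any'."""
    return cidr == "any" or ipaddress.ip_address(ip) in ipaddress.ip_network(cidr)


def evaluate(rules, src_ip, dst_ip):
    """Return the policy of the first rule that matches, evaluated top-down."""
    for r in rules + [DEFAULT_ALLOW]:
        if _match(r["srcCidr"], src_ip) and _match(r["destCidr"], dst_ip):
            return r["policy"]


def leaking_sources(rules, subnet, dst_ip):
    """List every host in subnet that the rule set still allows to reach dst_ip."""
    return [str(h) for h in ipaddress.ip_network(subnet).hosts()
            if evaluate(rules, str(h), dst_ip) == "allow"]


# An allow for the printer alone changes nothing: every other host still
# falls through to the default allow.
ALLOW_ONLY = [rule("allow", PRINTER, comment="printer")]

# Allow the printer first, then deny the rest of the spoke subnet.
ALLOW_THEN_DENY = [rule("allow", PRINTER, comment="printer"),
                   rule("deny", SPOKE_SUBNET, comment="quarantine spoke")]

if __name__ == "__main__":
    print(len(leaking_sources(ALLOW_ONLY, SPOKE_SUBNET, HUB_HOST)), "hosts pass with allow only")
    print(leaking_sources(ALLOW_THEN_DENY, SPOKE_SUBNET, HUB_HOST), "pass with allow then deny")
```

Running the same check against an exported copy of the real rule list before re-enabling the tunnel gives a quick sanity test that only the intended address is reachable across the VPN.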
