Meraki

Community

Restrict Particular VPN's to Particular VLANS

JonathanC
Here to help
‎Oct 12 2022 3:50 PM
‎Oct 12 2022 3:50 PM

Restrict Particular VPN's to Particular VLANS

Hi,

We've got remote sites with Z3's
In the office we've got some VLANs

120

121

122

etc

etc

 

I'd like to setup VPNs between particular VLANs in the office and Z3's in the field. That way it ends up something like this

 

VLAN 120 (10.0.20.0/24) VPN <----> Z3's 192.168.31.0/24

VLAN 121 (10.0.21.0/24) VPN <----> Z3's 192.168.32.0/24

etc

Each is separate and secure from each other.

As an alternative can I make the Z3 network the same VLAN as inside the office? Not sure what you'd call that.

Hope what I'm trying to accomplish is clear.

 

Thanks

Jon

Labels:
0 Kudos
6 Replies 6
alemabrahao
Kind of a big deal
‎Oct 12 2022 4:38 PM
‎Oct 12 2022 4:38 PM

 

Could you please explain better?

 

The VLAN 120 (10.0.20.0/24) VPN and VLAN 121 (10.0.21.0/24) VPN networks are Client VPN, Meraki VPN or Non-Mreaki VPN.

 

I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.
0 Kudos
JonathanC
Here to help
‎Oct 13 2022 1:59 PM
‎Oct 13 2022 1:59 PM

Meraki VPN.

The "office" has an MX64W.

0 Kudos
In response to JonathanC
alemabrahao
Kind of a big deal
‎Oct 13 2022 2:06 PM
‎Oct 13 2022 2:06 PM

Ok, but  I didn't understand what do you want to do?

I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.
0 Kudos
JonathanC
Here to help
‎Oct 13 2022 2:29 PM
‎Oct 13 2022 2:29 PM

I want each of the remote networks behind each Z3 to be able to communicate to one (and only one) of VLANs at the local site.
That way a device on the Z3 network can access a server on a particular VLAN on our local net. 

0 Kudos
In response to JonathanC
alemabrahao
Kind of a big deal
‎Oct 13 2022 2:37 PM
‎Oct 13 2022 2:37 PM

Got, take a look on this:

 

https://documentation.meraki.com/MX/Site-to-site_VPN/Site-to-Site_VPN_Settings#Site-to-site_VPN


https://documentation.meraki.com/MX/Site-to-site_VPN/Site-to-Site_VPN_Settings#VPN_Firewall_Rules

I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.
0 Kudos
Brash
Kind of a big deal
Kind of a big deal
‎Oct 13 2022 2:51 PM
‎Oct 13 2022 2:51 PM

You would implement this using firewall rules.

There's different places you can apply them, but the most logical for what you're trying to achieve would be "Site-to-site outbound firewall" rules.

These are configured under "Security & SD-WAN -> Site-To-Site VPN".

 

Take a look at the below link for some extra info and examples

Site-to-site VPN Firewall Rule Behavior - Cisco Meraki

0 Kudos
Back to the top
Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco ID. If you don't yet have a Cisco ID, you can sign up.
Labels
© 2025 Cisco Systems, Inc.