Restricting Sign-ins on client VPNs

Caleb_Murphy
Comes here often

Restricting Sign-ins on client VPNs

Haven't been able to find much information on this. Is there a way to restrict Client VPN sign in's by location? Say no one outside of the US can sign in to the client VPN? I know there is a geo-blocking firewall wall rule option, but I don't really want to restrict the traffic once a client is connected I just want to restrict sign in's from outside the US.

4 REPLIES 4
cshaun
Here to help

The closest you could do with Meraki would be a layer 7 firewall rule to block inbound traffic from other countries.

Thanks for giving solution.

PhilipDAth
Kind of a big deal
Kind of a big deal

I can only think of one way to do this reliably, which would be to use Cisco AnyConnect, SAML, and Cisco Duo Beyond.

 

https://documentation.meraki.com/MX/AnyConnect_on_the_MX_Appliance/Authentication 

 

https://duo.com/docs/policy#user-location 

 

Note that you can also use Cisco Duo with any SAML supported app, like Office 365, Amazon AWS, Sales Force, etc, and apply the same restrictions and policies.

Inderdeep
Kind of a big deal
Kind of a big deal

@Caleb_Murphy : Check if it helps 

https://documentation.meraki.com/General_Administration/Cross-Platform_Content/Creating_and_Applying...

 

Regards/Inder
Cisco IT Blogs awarded in 2020 & 2021
www.thenetworkdna.com
Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels