Meraki

Community

Site to Site VPN tunnel to one computer

JDoetsch
Conversationalist
‎Jul 31 2020 12:11 PM
‎Jul 31 2020 12:11 PM

Site to Site VPN tunnel to one computer

Hi Everyone,

I've got a client who needs to set up a site-to-site tunnel that only allows access to one computer.  I haven't done much work with Meraki, so I figured I'd do a quick sanity check to validate a few things

- The other endpoint is not a Meraki, so I assume I'd be configuring this under "Non-Meraki VPN Peers"

- I would be using a /32 in the Private Subnets

- I would be choosing "No Networks" in the Availability so that this tunnel wouldn't be created on other Merakis in the organization

Is there anything I'm missing or misunderstanding?

Thanks!

 

 

0 Kudos
2 Replies 2
GaryShainberg
Building a reputation
‎Jul 31 2020 2:48 PM
‎Jul 31 2020 2:48 PM

Hi there,

 

I think what you are proposing should work OK, if you wanted to be safe, you could also create a firewall rule to block all traffic to the VPN subnet from all other networks / vLANs - just "belt and braces"

 

Although reading your post again, why not keep life simple and use client VPN ?

 

Regards

 

Gary

CTO & Solutioneer
CMNA, CMNO, ECMS2
SNSA, SNSP
~~If you found this post helpful, please give it kudos. If my answer solved your problem, click "accept as solution" so that others can benefit from it.~~
PhilipDAth
Kind of a big deal
Kind of a big deal
‎Aug 1 2020 4:11 PM
‎Aug 1 2020 4:11 PM

You won't be able to do this.  For the source encryption domain on the Meraki side you can only select whole subnets.

 

You'll need to tag the network and then apply the non-Meraki VPN to that tag.

Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels
© 2024 Cisco Systems, Inc.