Site to site VPN block incoming traffic

Kbergros
Conversationalist

Hi...

We have set up a VPN tunnel to another company that doesn't use Meraki as its VPN firewall.

The tunnel works and I have set up outgoing rules for the tunnel. But I can't set up incoming rules; I just want to allow specific ports. My question is: is this not supported? I asked Meraki support the same question but haven't got a response yet....

3 Replies
hoempf
Getting noticed

Hi

https://documentation.meraki.com/MX-Z/Site-to-site_VPN/Site-to-site_Firewall_Rule_behavior

Bummer, looks like it's not supported:

When configuring VPN Firewall rules, it is important to remember that traffic should be stopped as close to the originating client device as possible. This cuts down on traffic over the VPN tunnel and will result in the best network performance. Because of this, site-to-site firewall rules are applied only to outgoing traffic. As such, the MX cannot block VPN traffic initiated by non-Meraki peers.

Kbergros
Conversationalist

Thank you!

I also read that same statement.... Starting to be disappointed with Meraki; this has been standard on the other firewall manufacturers' products we have been using for the past 10 years. Will wait to see what Meraki support says... If it is not possible to filter both outgoing and incoming traffic for a site-to-site VPN tunnel, we will have to configure this VPN tunnel on some of our older firewalls that can manage this.....

Kbergros
Conversationalist

Hi...

I have asked Meraki support again and, according to them, it is still not possible to block incoming traffic over the site-to-site VPN tunnel...

Does anyone know if this is on the roadmap (support doesn't) or is there any "workaround" to solve this?
