Hi,
I was asked to set up client VPN split-tunnel mode on the MX 105.
Does it make sense that this ability of "split tunnel" cannot be defined?
I have not found in any source of information how to do this.
Thanks for the help.
Hey,
First, thank you very much.
But is the only way to set up this ability on the "client side"?
For example, on FortiGate you can enable this ability on the firewall without the need to do anything on the "client side".
Comparing apples to apples, you should switch over to a newer MX release including AnyConnect and go for
https://documentation.meraki.com/MX/AnyConnect_on_the_MX_Appliance#Client_Routing
When you are using AnyConnect, the configuration looks like this:
I'm with @CptnCrnch. You should buy Cisco AnyConnect licences, and use that. It has all the bells and whistles, and works really well.
Otherwise, if you really want to use the Microsoft VPN client (which I don't think you should), my client VPN wizard will allow you to build split VPNs for Windows.
Thank you both.
So as I see it, I need to buy the "AnyConnect" licenses, and they will be able to use this ability, right?
Thanks again.
And another question, please: if I have the "Advanced Security" license, do I need to buy anything else?
Thank you.
If you have the Advanced Security licence, you just need to buy Cisco AnyConnect licences.
You need one per person who will be using AnyConnect. Usually, you buy it with a term to match your Meraki licence (for example, 3 or 5 years).
When buying AnyConnect there are two main options - AnyConnect Plus and AnyConnect Apex.
With APEX you can do SAML authentication - which means you can directly authenticate against things like Azure AD, which makes doing MFA really easy.
If SAML is of no interest, get AnyConnect Plus instead (cheaper).
Why would you need to buy AnyConnect licenses? I am using AnyConnect with SAML on my MXs and it doesn't require any licensing that I am aware of.
Is there a difference between the Cisco AnyConnect clients that are available through the Meraki Dashboard vs the licensed Cisco AnyConnect clients?