Meraki

Community

Split tunnel-client VPN on meraki mx 105

Roni
Comes here often
‎May 23 2022 8:09 AM
‎May 23 2022 8:09 AM

Split tunnel-client VPN on meraki mx 105

Hi,

 

I was asked to set up a client-vpn  split tunnel mode on the mx 105.

 

Does it make sense that this ability of "split tunnel" cannot be defined?

 

I have not found in any source of information how to do this.

 

Thanks for the help.

Labels:
0 Kudos
9 Replies 9
CptnCrnch
Kind of a big deal
Kind of a big deal
‎May 23 2022 8:22 AM
‎May 23 2022 8:22 AM

How about that one? https://documentation.meraki.com/MX/Client_VPN/Configuring_Split_Tunnel_Client_VPN

In response to CptnCrnch
Roni
Comes here often
‎May 23 2022 8:27 AM
‎May 23 2022 8:27 AM

Hey,

first, thank you very much.
But does the only way is to set up this ability on the "client-side"?
for example on fortigate you can enable this ability on the firewall without the need to do anything on the "client-side".

 

Roni_0-1653319584258.png

 

0 Kudos
In response to Roni
CptnCrnch
Kind of a big deal
Kind of a big deal
‎May 23 2022 9:45 AM
‎May 23 2022 9:45 AM

Comparing apples to apples, you should switch over to a newer MX release including Anyconnect and go for 

https://documentation.meraki.com/MX/AnyConnect_on_the_MX_Appliance#Client_Routing

In response to Roni
PhilipDAth
Kind of a big deal
Kind of a big deal
‎May 23 2022 12:25 PM
‎May 23 2022 12:25 PM

When you are using AnyConnect, the configuration looks like this:

 

PhilipDAth_0-1653333941267.png

 

0 Kudos
PhilipDAth
Kind of a big deal
Kind of a big deal
‎May 23 2022 12:24 PM
‎May 23 2022 12:24 PM

I'm with @CptnCrnch .  You should buy Cisco AnyConnect licences, and use that.  It has all the bells and whistles, and works really well.

 

Otherwise, if you really want to use the Microsoft VPN client (which I don't think you should), my client VPN wizard will allow you to build split VPNs for Windows.

https://www.ifm.net.nz/cookbooks/meraki-client-vpn.html 

0 Kudos
In response to PhilipDAth
Roni
Comes here often
‎May 24 2022 12:09 AM
‎May 24 2022 12:09 AM

Thank you both.

so as I see, I need to buy the "AnyConnecet" licenses, and this ability they will be able to use, right?

 

Thanks again. 

0 Kudos
In response to Roni
Roni
Comes here often
‎May 24 2022 1:18 AM
‎May 24 2022 1:18 AM

@CptnCrnch @PhilipDAth 

And another question please, If I have the  "advanced security" License, do I need to buy anything else?

Roni_0-1653380294765.png

 

Thank you.

0 Kudos
In response to Roni
PhilipDAth
Kind of a big deal
Kind of a big deal
‎May 24 2022 4:28 AM
‎May 24 2022 4:28 AM

If you have the Advanced Security licence, you just need to buy Cisco AnyConnect licences.

You need one per person who will be using AnyConnect.  Usually, you buy it with a term to match your Meraki licence (for example, 3 or 5 years).

 

When buying AnyConnect there are two main options - AnyConnect Plus and AnyConnect Apex.

With APEX you can do SAML authentication - which means you can directly authenticate against things like Azure AD, which makes doing MFA really easy.

If SAML is of no interest, get AnyConnect Plus instead (cheaper).

0 Kudos
In response to PhilipDAth
bjohndoe
Here to help
‎Jul 13 2022 2:33 PM
‎Jul 13 2022 2:33 PM

Why would you need to buy AnyConnect licenses? I am using AnyConnect with SAML on my MX's and it doesn't require any licensing that I am aware of.

 

Is there a difference between the Cisco AnyConnect clients that are available through the Meraki Dashboard vs the licensed Cisco AnyConnect clients?

0 Kudos
Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels
© 2024 Cisco Systems, Inc.