Split tunnel-client VPN on meraki mx 105

Roni
Comes here often


Hi,

I was asked to set up client VPN split tunnel mode on the MX 105.

Does it make sense that this ability of "split tunnel" cannot be defined?

I have not found in any source of information how to do this.

Thanks for the help.

CptnCrnch
Kind of a big deal
Roni
Comes here often

Hey,

First, thank you very much.
But is the only way to set up this ability on the "client-side"?
For example, on FortiGate you can enable this ability on the firewall without the need to do anything on the "client-side".

CptnCrnch
Kind of a big deal

Comparing apples to apples, you should switch over to a newer MX release including AnyConnect and go for

https://documentation.meraki.com/MX/AnyConnect_on_the_MX_Appliance#Client_Routing

PhilipDAth
Kind of a big deal

When you are using AnyConnect, the configuration looks like this:

PhilipDAth_0-1653333941267.png

PhilipDAth
Kind of a big deal

I'm with @CptnCrnch. You should buy Cisco AnyConnect licences, and use that. It has all the bells and whistles, and works really well.

Otherwise, if you really want to use the Microsoft VPN client (which I don't think you should), my client VPN wizard will allow you to build split VPNs for Windows.

https://www.ifm.net.nz/cookbooks/meraki-client-vpn.html

Roni
Comes here often

Thank you both.

So as I see it, I need to buy the "AnyConnect" licenses, and they will be able to use this ability, right?

Thanks again.

Roni
Comes here often

@CptnCrnch @PhilipDAth 

And another question, please: if I have the "Advanced Security" license, do I need to buy anything else?

Thank you.

PhilipDAth
Kind of a big deal

If you have the Advanced Security licence, you just need to buy Cisco AnyConnect licences.

You need one per person who will be using AnyConnect. Usually, you buy it with a term to match your Meraki licence (for example, 3 or 5 years).

When buying AnyConnect there are two main options - AnyConnect Plus and AnyConnect Apex.

With Apex you can do SAML authentication - which means you can directly authenticate against things like Azure AD, which makes doing MFA really easy.

If SAML is of no interest, get AnyConnect Plus instead (cheaper).

Why would you need to buy AnyConnect licenses? I am using AnyConnect with SAML on my MX's and it doesn't require any licensing that I am aware of.

Is there a difference between the Cisco AnyConnect clients that are available through the Meraki Dashboard vs the licensed Cisco AnyConnect clients?
