Is there any way to filter where my users connect to the Client VPN?

CArboleda
New here

I need to block unauthorized IPs or MAC addresses from connecting to the Client VPN, but I can't find where to configure this. Maybe someone knows how to do it?

Thanks

KRobert
Head in the Cloud

Hi @CArboleda

My first thought is to create a Layer 3 Firewall rule on the MX that you are using as your Client VPN Hub. Create a rule to deny access to the IP addresses you wish to block.

It is worth a try.

CMNO, CCNA R+S
CArboleda
New here

Thanks for the response, but I guess I have to rephrase the question. For example:

My user one first connects from 181.39.20.100 to the public IP of my Meraki; if he tries to connect from a different IP, he won't be able to connect unless we add the new IP to a filter.

PhilipDAth
Kind of a big deal

You cannot block client VPN connections by IP address.

Actually you could probably do it using RADIUS, but it would be a complicated RADIUS setup.  The RADIUS server would have to match the client IP address and permit/deny based on that.
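
The permit/deny decision described in the reply above, sketched as an added example (not part of the original thread and not Meraki or RADIUS-server code). It assumes the RADIUS server hands a policy hook the request attributes as a dict and that the client's public IP arrives in `Calling-Station-Id`; confirm that against a capture of your own Access-Requests. The user names and the `authorize` hook are hypothetical.

```python
import ipaddress

# Constructed sample policy: user name -> networks that user may connect from.
# 181.39.20.100 is the address quoted in the thread; the others are
# documentation ranges.
ALLOWED_SOURCES = {
    "user.one": ["181.39.20.100/32"],
    "user.two": ["198.51.100.0/24", "2001:db8:1::/48"],
}


def parse_policy(raw):
    """Compile the policy once so a mistyped CIDR fails at load time."""
    return {
        user.lower(): [ipaddress.ip_network(net, strict=True) for net in nets]
        for user, nets in raw.items()
    }


def authorize(policy, attrs):
    """Return (decision, reason) for one request's attributes.

    Run this only after the password check has succeeded. It fails closed:
    an unknown user, a missing attribute or a value that is not an IP
    address (for example a MAC address) is rejected.
    """
    user = attrs.get("User-Name", "").strip().lower()
    station = attrs.get("Calling-Station-Id", "").strip()
    if user not in policy:
        return ("reject", "no source policy for user")
    try:
        src = ipaddress.ip_address(station)
    except ValueError:
        return ("reject", "source address missing or unparseable")
    # Treat IPv4-mapped IPv6 (::ffff:a.b.c.d) as the IPv4 address it carries.
    if src.version == 6 and src.ipv4_mapped is not None:
        src = src.ipv4_mapped
    for net in policy[user]:
        if src.version == net.version and src in net:
            return ("accept", f"{src} in {net}")
    return ("reject", f"{src} not in allowlist for {user}")


if __name__ == "__main__":
    policy = parse_policy(ALLOWED_SOURCES)
    print(authorize(policy, {"User-Name": "user.one",
                             "Calling-Station-Id": "181.39.20.101"}))
```

Logging the reason string for every reject gives the help desk the address to add when a user's ISP hands out a new one.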

SoCalRacer
Kind of a big deal

It is a bit odd to block Client VPN connections by IP. Can you explain the reason?

CArboleda
New here

We need to allow connections only from their home IP address, because our boss doesn't want them to use the VPN connection from other unknown locations.

SoCalRacer
Kind of a big deal

I would say try RADIUS, or implement hardware in place like a Z3 or MR33 that can implement VPN to the main office. The other issue you will run into with locking down to a single IP with home users is their public IP changing; it usually becomes a bigger headache than it's worth, depending on the number of users.

ConnorL
Meraki Employee

If it's anything like my ISP (Virgin Media), they'll change your public IP address pretty regularly unless you pay for a static IP. So for home addresses, this will never likely be a good solution.

Also, if a user's home internet connection goes down and they wish to use their smartphone's 4G connection to VPN in, you'd prevent that also.
