
There is any way to filter where my users connect to the Client VPN?

New here


I need to block unauthorized IPs or MAC addresses from connecting to the Client VPN, but I can't find where to configure this. Maybe someone knows how to do it?

Thanks

7 REPLIES 7
A model citizen

Re: There is any way to filter where my users connect to the Client VPN?

Hi @CArboleda

My first thought is to create a Layer 3 Firewall rule on the MX that you are using as your Client VPN Hub. Create a rule to deny access to the IP addresses you wish to block.

It is worth a try.

CMNO, CCNA R+S
Kind of a big deal

Re: There is any way to filter where my users connect to the Client VPN?

You cannot block client VPN connections by IP address.

Actually you could probably do it using RADIUS, but it would be a complicated RADIUS setup.  The RADIUS server would have to match the client IP address and permit/deny based on that.

New here

Re: There is any way to filter where my users connect to the Client VPN?

Thanks for the response, but I guess I have to rephrase the question. For example:

My user one first connects from 181.39.20.100 to the public IP of my Meraki; if he tries to connect from a different IP, he won't be able to connect unless we add the new IP to a filter.

Kind of a big deal

Re: There is any way to filter where my users connect to the Client VPN?

It is a bit odd to block Client VPN connections by IP. Can you explain the reason?

New here

Re: There is any way to filter where my users connect to the Client VPN?

We need to allow connections only from their home IP addresses, because our boss doesn't want them to use the VPN connection from other unknown locations.

Kind of a big deal

Re: There is any way to filter where my users connect to the Client VPN?

I would say try RADIUS or implement hardware in place like Z3 or MR33 that can implement VPN to the main office. The other issue you will run into with locking down to a single IP with home users is their public IP changing; it usually becomes a bigger headache than it's worth depending on the amount of users.

Meraki Employee

Re: There is any way to filter where my users connect to the Client VPN?

If it's anything like my ISP (Virgin Media), they'll change your public IP address pretty regularly unless you pay for a static IP. So for home addresses, this will never likely be a good solution.

Also, if a user's home internet connection goes down and they wish to use their smartphone's 4G connection to VPN in, you'd prevent that also.
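
The RADIUS-side check suggested in the replies above, as an added example (not code from any poster or from Meraki): a per-user source-address allowlist decision that a RADIUS policy hook could apply after the password check succeeds. It assumes the RADIUS server receives the client's public IP in Calling-Station-Id; the attribute dictionary, user names and the `parse_policy` / `decide` functions are hypothetical, and the allowlist accepts CIDR ranges because of the changing home IPs discussed in the thread.

```python
import ipaddress

# Constructed sample policy: user name -> networks that user may connect from.
# 181.39.20.100 is the address quoted in the thread; the other entries are
# documentation-range placeholders.
ALLOWED_SOURCES = {
    "user1": ["181.39.20.100/32"],
    "user2": ["198.51.100.0/24", "2001:db8:10::/48"],
}


def parse_policy(raw):
    """Pre-parse the allowlist so a typo fails at load time, not at login."""
    return {
        user.lower(): [ipaddress.ip_network(net, strict=True) for net in nets]
        for user, nets in raw.items()
    }


POLICY = parse_policy(ALLOWED_SOURCES)


def decide(attrs, policy=POLICY):
    """Return (decision, reason) for one Access-Request.

    attrs is a dict of RADIUS attributes. Assumption: the VPN concentrator
    places the client's public IP in Calling-Station-Id.
    """
    user = attrs.get("User-Name", "").strip().lower()
    nets = policy.get(user)
    if not nets:
        # Default deny: a user without an allowlist entry never gets in.
        return "reject", "no allowlist for user"
    try:
        ip = ipaddress.ip_address(attrs.get("Calling-Station-Id", "").strip())
    except ValueError:
        # Absent attribute, MAC address or garbage: fail closed.
        return "reject", "missing or malformed source address"
    # Normalise IPv4-mapped IPv6 (::ffff:a.b.c.d) so it matches IPv4 entries.
    if ip.version == 6 and ip.ipv4_mapped is not None:
        ip = ip.ipv4_mapped
    if any(ip.version == net.version and ip in net for net in nets):
        return "accept", f"{ip} allowed for {user}"
    return "reject", f"{ip} not in allowlist for {user}"
```

Logging the returned reason on every reject gives a record of connection attempts from addresses outside the allowlist.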
