cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Traffic shaping on Meraki Client VPN

SOLVED
Highlighted
Conversationalist

Traffic shaping on Meraki Client VPN

Hey guys I have been looking over some documentation and don't seem to find how to do traffic shaping on our client VPN. What I am trying to reduce is users watching Netflix over VPN, which seems like some of them are. Is this possible with the MX100? or is there another method to do this?

1 ACCEPTED SOLUTION

Accepted Solutions
Highlighted
Meraki Employee

Re: Traffic shaping on Meraki Client VPN

Hey Josh,

I'd focus on trying to configure split tunnel on Client VPN rather than traffic shaping their traffic for stuff like Netflix. We've got a doc about this: https://documentation.meraki.com/MX/Client_VPN/Configuring_Split_Tunnel_Client_VPN

This would allow employees to access internal resources, and all other traffic wouldn't be routed over the VPN tunnel. It'll save you a lot of bandwidth as all non-internal stuff won't be routed over the Client VPN tunnel and instead use the client's standard internet connection. This means they could still watch Netflix for example, but it won't impact the Hub MX's bandwidth at all.

Kind regards,

--

Connor Loughlin
Network Support Engineer

.:|:.:|:. Cisco Meraki EMEAR 🇬🇧

For reference, many questions can be easily answered by searching our online documentation: http://documentation.meraki.com

View solution in original post

11 REPLIES 11
Highlighted
Kind of a big deal

Re: Traffic shaping on Meraki Client VPN

@JoshC1  This is mentioned in the Meraki documentation for security appliances.

 

" Traffic shaping rules will apply to traffic sent over an AutoVPN tunnel between Meraki devices. Please note that traffic shaping rules do not apply to traffic that passes over a non-Meraki VPN tunnel."

 

Full link here

https://documentation.meraki.com/MX/Firewall_and_Traffic_Shaping/SD-WAN_and_Traffic_Shaping

 

 

Based on that wording I am not sure if that only refers to site to site or includes client VPN. 

Meraki CMNO, Ruckus WISE, Sonicwall CSSA, Allied Telesis CASE & CAI
Highlighted
Meraki Employee

Re: Traffic shaping on Meraki Client VPN

Hey Josh,

I'd focus on trying to configure split tunnel on Client VPN rather than traffic shaping their traffic for stuff like Netflix. We've got a doc about this: https://documentation.meraki.com/MX/Client_VPN/Configuring_Split_Tunnel_Client_VPN

This would allow employees to access internal resources, and all other traffic wouldn't be routed over the VPN tunnel. It'll save you a lot of bandwidth as all non-internal stuff won't be routed over the Client VPN tunnel and instead use the client's standard internet connection. This means they could still watch Netflix for example, but it won't impact the Hub MX's bandwidth at all.

Kind regards,

--

Connor Loughlin
Network Support Engineer

.:|:.:|:. Cisco Meraki EMEAR 🇬🇧

For reference, many questions can be easily answered by searching our online documentation: http://documentation.meraki.com

View solution in original post

Highlighted
Kind of a big deal

Re: Traffic shaping on Meraki Client VPN

Why not use a split VPN so only traffic for your company goes over the VPN?

https://www.ifm.net.nz/cookbooks/meraki-client-vpn.html 

Highlighted
Kind of a big deal

Re: Traffic shaping on Meraki Client VPN

Or you could exclude all 155 of their ranges from the VPN (split VPN better ...):

https://ipinfo.io/AS2906

Highlighted
Meraki Employee

Re: Traffic shaping on Meraki Client VPN

Also from the same doc:

"Cisco Meraki Client VPN only establishes full-tunnel connections, which will direct all client traffic through the VPN to the configured MX. As such, any content filtering, firewall or traffic shaping rules will apply to the VPN client's outbound traffic. "
Highlighted
Meraki Employee

Re: Traffic shaping on Meraki Client VPN

That's an awesome tool! One I've now bookmarked - thanks for sharing!
Highlighted
Kind of a big deal

Re: Traffic shaping on Meraki Client VPN

>That's an awesome tool! One I've now bookmarked - thanks for sharing!

 

Now if I could just get Meraki to feature it on their blog I could save a lot of companies grief while we wait for AnyConnect.

Highlighted
Conversationalist

Re: Traffic shaping on Meraki Client VPN

I think this is the way to go! Thanks!
Highlighted
Meraki Employee

Re: Traffic shaping on Meraki Client VPN

I'll see what I can do, can't promise anything though! 🙂
Highlighted
Conversationalist

Re: Traffic shaping on Meraki Client VPN

Yeah split tunnel is the way to go and great tool btw! 

Highlighted
Kind of a big deal

Re: Traffic shaping on Meraki Client VPN

>I'll see what I can do, can't promise anything though!

 

I can see you don't work in sales.

Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.