Meraki

Community

VPN_Clients_A to Subnet_A and VPN_Clients_B to Subnet_B

Solved
rcpa0_en
Here to help
‎Mar 14 2020 7:51 PM
‎Mar 14 2020 7:51 PM

VPN_Clients_A to Subnet_A and VPN_Clients_B to Subnet_B

Is there a way to only connect VPN_Clients_A to Subnet_A while VPN_Clients_B only connect to Subnet_B?  I have an MX84.

0 Kudos
1 Accepted Solution
In response to rcpa0_en
PhilipDAth
Kind of a big deal
Kind of a big deal
‎Mar 15 2020 12:02 PM
‎Mar 15 2020 12:02 PM

>I do not see how to bind a Client VPN Guest User to a specific Group policy.

 

You assign it the same as any other client.  You locate the VPN user in Network-Wide/Clients (after they have logged in one) and assign the group policy to them.,

View solution in original post

7 Replies 7
PhilipDAth
Kind of a big deal
Kind of a big deal
‎Mar 15 2020 1:03 AM
‎Mar 15 2020 1:03 AM

It's a bit painful.

 

You'll need to create two group policies with firewall rules to match your requirements.

 

Then apply the group policy to the users as required.

0 Kudos
PhilipDAth
Kind of a big deal
Kind of a big deal
‎Mar 15 2020 1:21 AM
‎Mar 15 2020 1:21 AM

https://documentation.meraki.com/zGeneral_Administration/Cross-Platform_Content/Creating_and_Applyin...

In response to PhilipDAth
rcpa0_en
Here to help
‎Mar 15 2020 9:17 AM
‎Mar 15 2020 9:17 AM

Sorry, I didn't make it clear.  VPN_Clients_A and B are "Network-wide > (Client VPN Guest) Users" of "Security & SD_WAN > Client VPN", not each user's mobile/remote network devices.

 

I do not see how to bind a Client VPN Guest User to a specific Group policy.

0 Kudos
In response to rcpa0_en
PhilipDAth
Kind of a big deal
Kind of a big deal
‎Mar 15 2020 12:02 PM
‎Mar 15 2020 12:02 PM

>I do not see how to bind a Client VPN Guest User to a specific Group policy.

 

You assign it the same as any other client.  You locate the VPN user in Network-Wide/Clients (after they have logged in one) and assign the group policy to them.,

In response to PhilipDAth
rcpa0_en
Here to help
‎Mar 16 2020 11:35 AM
‎Mar 16 2020 11:35 AM

The client identifier looks like a MAC address but does not match the MAC address of the iPhone, nor the DSL modem at the edge of my network before the ISP.  Where did it come from or how was it generated?

 

If the VPN Guest chooses to use a new device or move the device to a hotel room, will it generate a new Client ID or is the Client ID unique to the VPN Guest account used to login?

 

0 Kudos
In response to rcpa0_en
PhilipDAth
Kind of a big deal
Kind of a big deal
‎Mar 16 2020 11:39 AM
‎Mar 16 2020 11:39 AM

The client ID is related to the username.  It is always the same no matter what device the user is using.

In response to PhilipDAth
rcpa0_en
Here to help
‎Mar 16 2020 11:42 AM
‎Mar 16 2020 11:42 AM

Excellent! Thank you.

Although, why bother displaying the MAC address resembling Client ID when it should show the Client VPN's User ID?
0 Kudos
Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels
© 2024 Cisco Systems, Inc.