cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

VPN_Clients_A to Subnet_A and VPN_Clients_B to Subnet_B

SOLVED
Highlighted
Here to help

VPN_Clients_A to Subnet_A and VPN_Clients_B to Subnet_B

Is there a way to only connect VPN_Clients_A to Subnet_A while VPN_Clients_B only connect to Subnet_B?  I have an MX84.

1 ACCEPTED SOLUTION

Accepted Solutions
Kind of a big deal

Re: VPN_Clients_A to Subnet_A and VPN_Clients_B to Subnet_B

>I do not see how to bind a Client VPN Guest User to a specific Group policy.

 

You assign it the same as any other client.  You locate the VPN user in Network-Wide/Clients (after they have logged in one) and assign the group policy to them.,

View solution in original post

7 REPLIES 7
Highlighted
Kind of a big deal

Re: VPN_Clients_A to Subnet_A and VPN_Clients_B to Subnet_B

It's a bit painful.

 

You'll need to create two group policies with firewall rules to match your requirements.

 

Then apply the group policy to the users as required.

Highlighted
Kind of a big deal

Re: VPN_Clients_A to Subnet_A and VPN_Clients_B to Subnet_B

Highlighted
Here to help

Re: VPN_Clients_A to Subnet_A and VPN_Clients_B to Subnet_B

Sorry, I didn't make it clear.  VPN_Clients_A and B are "Network-wide > (Client VPN Guest) Users" of "Security & SD_WAN > Client VPN", not each user's mobile/remote network devices.

 

I do not see how to bind a Client VPN Guest User to a specific Group policy.

Kind of a big deal

Re: VPN_Clients_A to Subnet_A and VPN_Clients_B to Subnet_B

>I do not see how to bind a Client VPN Guest User to a specific Group policy.

 

You assign it the same as any other client.  You locate the VPN user in Network-Wide/Clients (after they have logged in one) and assign the group policy to them.,

View solution in original post

Highlighted
Here to help

Re: VPN_Clients_A to Subnet_A and VPN_Clients_B to Subnet_B

The client identifier looks like a MAC address but does not match the MAC address of the iPhone, nor the DSL modem at the edge of my network before the ISP.  Where did it come from or how was it generated?

 

If the VPN Guest chooses to use a new device or move the device to a hotel room, will it generate a new Client ID or is the Client ID unique to the VPN Guest account used to login?

 

Highlighted
Kind of a big deal

Re: VPN_Clients_A to Subnet_A and VPN_Clients_B to Subnet_B

The client ID is related to the username.  It is always the same no matter what device the user is using.

Highlighted
Here to help

Re: VPN_Clients_A to Subnet_A and VPN_Clients_B to Subnet_B

Excellent! Thank you.

Although, why bother displaying the MAC address resembling Client ID when it should show the Client VPN's User ID?
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.