Meraki

Community

VPN Concentrator for Client VPN

LRH
Here to help
‎Oct 3 2018 1:04 PM
‎Oct 3 2018 1:04 PM

VPN Concentrator for Client VPN

I would like to setup an MX100 in VPN Concentrator mode....but...only use it for my client VPN users to connect to.

 

I have read the deployment guide for the vpn concentrator and it appears as if that is for site-site connections.

 

Can I setup a MX to ONLY terminate client VPN connections?

0 Kudos
9 Replies 9
Welles
Building a reputation
‎Oct 3 2018 1:17 PM
‎Oct 3 2018 1:17 PM

You got it. Server to Server ... i.e. MX to MX or another “device” that is not a client(as in mobile device, i.e. cell phone). 

 

I think people *have* setup IPsec tunnels manually, but that’s another story.  

0 Kudos
PhilipDAth
Kind of a big deal
Kind of a big deal
‎Oct 3 2018 4:23 PM
‎Oct 3 2018 4:23 PM

I just tried enabling Client VPN for an MX in VPN Concentrator mode and it took the config just fine.

0 Kudos
In response to PhilipDAth
Welles
Building a reputation
‎Oct 3 2018 5:54 PM
‎Oct 3 2018 5:54 PM

I stand corrected. I thought all that was pulled.

 

Here’s a doc outlining setup details.

 

https://documentation.meraki.com/MX/Client_VPN/Client_VPN_OS_Configuration

 

0 Kudos
In response to PhilipDAth
LRH
Here to help
‎Oct 10 2018 1:10 PM
‎Oct 10 2018 1:10 PM

I don't want the MX to participate in any site-site tunnels.....just the client vpn terminations....

 

According to the directions that isn't possible in concentrator mode.....have to use NAT mode with two cables...

0 Kudos
LukasB
New here
‎Feb 20 2019 2:40 AM
‎Feb 20 2019 2:40 AM

I am facing exactly same challenge. Need to setup MX100 only for serving VPN client connections as an one armed VPN concentrator. 

 

According to Meraki guides it it only possible for site-site tunnels. Anyway I plan to test these in the nearest feature.

 

Overall Is it possible to configure it?

0 Kudos
In response to LukasB
Ignat
New here
‎Oct 7 2020 11:22 AM
‎Oct 7 2020 11:22 AM

For those who are looking for a straight answer to this question, yes, client VPN will work if MX appliance configured to be a One-Arm Concentrator. I just configured one and it is working as intended. 

0 Kudos
In response to Ignat
RichardChen1
Getting noticed
‎Oct 12 2020 9:19 PM
‎Oct 12 2020 9:19 PM

@Ignat  thanks for the update. Since the concentrator has a lan ip address. What kind of port forwarding required for client vpn to work? Just udp500/4500 to lan ip?

0 Kudos
In response to RichardChen1
Farooq
Comes here often
‎May 27 2021 10:22 PM
‎May 27 2021 10:22 PM

I am facing same issues setting up mx as a concentrator and only for client vpn. Any updates from anyone on this please

0 Kudos
In response to RichardChen1
KarstenI
Kind of a big deal
Kind of a big deal
‎May 28 2021 2:35 AM
‎May 28 2021 2:35 AM

@RichardChen1 wrote:

Since the concentrator has a lan ip address. What kind of port forwarding required for client vpn to work? Just udp500/4500 to lan ip?

Yes, UDP/500 and UDP/4500 is enough as with NAT-T, after the initial exchanges on UDP/500 all is encapsulated in UDP/4500.

If you found this post helpful, please give it Kudos. If my answer solves your problem, please click Accept as Solution so others can benefit from it.
0 Kudos
Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels
© 2025 Cisco Systems, Inc.