VPN and Security

Gordon
Getting noticed


With the current situation in the world we are relying on VPN connections to our network heavily. I need some way to control access for different users. For example, I want to be able to assign different rules for my IT staff than I do a regular user. Without being able to assign a group policy to a VPN connection and not being able to assign a static IP address to a system, I have no way of achieving this.

Does anyone have a suggestion for this?

cmr
Kind of a big deal

If you use a device for IT staff (say a small MX or a Z3) then you can give lots of access to those devices and different access between them if needed.  Then you can use the client VPN for normal users.  I am testing this right now 😎

CptnCrnch
Kind of a big deal

Current state of the union when it comes down to user differentiation and access: Zero Trust.

“Just” secure access to your specific application with Multi-factor Authorization like Duo.

PhilipDAth
Kind of a big deal

When you create the VPN account, connect once as that user (or wait till they have connected once). Once they have connected, apply a group policy with firewall rules. This will then stick on them every time they connect.

That does not work properly. I tried that. What ends up happening is that, since the group policy cannot attach to a MAC address, the group policy over time gets randomly assigned to different systems. I have a policy for IT staff. There are only three of us. When I go in and look at the client list, that policy is currently assigned to 10 different systems.

Coesione_srl
Here to help

Hi @Gordon 

I think you can achieve your target with Systems Manager.

https://documentation.meraki.com/SM/Profiles_and_Settings/Systems_Manager_VPN_Configurations_and_Sen...

Try it and let me know what you think about it.

Regards,
