VPN clients subnet

hmc250000
Here to help

VPN clients subnet

Simple question. Can you use a subnet for VPN clients that is also used on the LAN interface of the MX?

So you are basically bridging and not routing. between VPN clients and the inside LAN. This was possible with Cisco ASA's.

 

I want to avoid having to waste an entire subnet.

 

Thanks.

 

6 REPLIES 6
BrandonS
Kind of a big deal

Re: VPN clients subnet

No, that wouldn't make sense to overlap or be the same.  It needs to be unique.

 

What do you mean waste a subnet?  There are over 16 million RFC1918 addresses you can slice up and subnet however you like.

DashboardDunce
Meraki Employee

Re: VPN clients subnet

+1 @BrandonS !

 

Think of it as creating a new, fresh, logical separation between all your other subnets... and not wasting! O:) 

hmc250000
Here to help

Re: VPN clients subnet

Is it possible to configure a DHCP relay (server resides on the inside LAN) for VPN clients?

BrandonS
Kind of a big deal

Re: VPN clients subnet

I don't think so.  Last I checked it assigns the addresses from the client VPN subnet dynamically and you can only set DNS and WINS.

DashboardDunce
Meraki Employee

Re: VPN clients subnet

Nope. 

 

Client VPN is VERY basic and does just that. 

Now if you want to get FANCY and see where most of our work has been going... Check out using AnyConnect for Meraki MXs! 

https://documentation.meraki.com/MX/AnyConnect_on_the_MX_Appliance

hmc250000
Here to help

Re: VPN clients subnet

Interesting. We are a midsized company and sometimes require not so simple solutions to make things work globally.

 

Thanks.

Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.