VPN inbound Filters

josfonse
Here to help

Hi all,

Is there a way to filter incoming VPN traffic on the MX?

Thank you.

4 Replies

BrickBR
Here to help

Via SD-WAN with other branches/spokes and Hubs, Client VPN or Third Party VPN?

If via SD-WAN, Security & SD-WAN -> Site-to-site VPN -> Site-to-site outbound firewall.

By configuring an "inbound" policy destined to your desired branch or branches, you effectively have an "incoming" filter, even with it being blocked on outbound at the other sites. This is due to the fact that the policy is applied to all firewalls in the org.

PhilipDAth
Kind of a big deal

You can only configure outbound VPN filter rules.  To control what can come inbound, you have to restrict what is outbound from other sites.

josfonse
Here to help

In the case of a tunnel to a non-Meraki peer, is there an option available to filter inbound VPN traffic?

KarstenI
Kind of a big deal

No, this is IMO the biggest restriction of the MX. 

If you found this post helpful, please give it Kudos. If my answer solves your problem, please click Accept as Solution so others can benefit from it.