Meraki

Community

View Client VPN Sessions with hostname

Solved
Dennoh
Here to help
‎Oct 29 2020 8:36 AM
‎Oct 29 2020 8:36 AM

View Client VPN Sessions with hostname

We have build-in windows VPN  to a Cisco/Meraki Firewall and we have configured the windows clients to connect using hostname instead of the public IP address. Some clients connect to vpn1.xyz.com and some other users to connect to vpn2.xyz.com.

On the dashboard(Network-Wide>Clients), we can only view the IP addresses & MAC Addresses associated with the Client VPN sessions. Is it possible to view the clients that are connected to each hostname instead?

0 Kudos
1 Accepted Solution
In response to Dennoh
CN
Meraki Alumni (Retired)
Meraki Alumni (Retired)
‎Nov 5 2020 10:05 AM
‎Nov 5 2020 10:05 AM

In that case, there is no way from the Meraki end to determine which user is connecting. The end client is going to do the DNS lookup and get the IP of the MX. Neither the MX nor dashboard would be able to see how the client got the IP of the MX. 

View solution in original post

5 Replies 5
cmr
Kind of a big deal
Kind of a big deal
‎Oct 29 2020 10:21 AM
‎Oct 29 2020 10:21 AM

@Dennoh For Meraki in general it doesn't seem to use reverse lookup to DNS servers to identify client hostnames.  Sometimes you get a name, sometimes the horrible mDNS name etc.  If they are your clients then unless you have thousands, or they change all the time, do a lookup yourself or reference an asset tracking system for the MAC if you have one and then edit the client records.  The Meraki network will then remember the name you have entered and show it in preference to the other options.

If my answer solves your problem please click Accept as Solution so others can benefit from it.
0 Kudos
PhilipDAth
Kind of a big deal
Kind of a big deal
‎Oct 29 2020 12:34 PM
‎Oct 29 2020 12:34 PM

You can't view clients by which DNS name they connected to.

CN
Meraki Alumni (Retired)
Meraki Alumni (Retired)
‎Oct 29 2020 5:51 PM
‎Oct 29 2020 5:51 PM

Not quite sure if I'm misunderstanding what you're trying to determine.

 

Do both of the DNS CNAMEs point to the same MX? I would think that you would be pointing to a different MX depending on which VPN hostname they connected to. In which case the clients would be listed in two separate networks. vpn1 will be for MX1 in network 1. vpn2 will be for MX2 in network 2. Each site will have its own client VPN subnet that is being used to hand out IP addresses. You could deduce which VPN they are connected to by looking at the IP address that the client received from the MX. 

 

Even if you're using a DNS load balancer to spread out the clients, you would only see the client connecting on the network that they ultimately get routed to. However, in this case, you wouldn't really be able to rely on any of the historical numbers as users could easily be hopping from one to another. 

 

https://documentation.meraki.com/MX/Client_VPN/Client_VPN_Load_Sharing

0 Kudos
In response to CN
Dennoh
Here to help
‎Nov 3 2020 12:58 PM
‎Nov 3 2020 12:58 PM

@CN  Thank you for your response. Both CNAMES point to the same MX/Public IP ,so the clients are sharing a single subnet to connect to the VPN.

0 Kudos
In response to Dennoh
CN
Meraki Alumni (Retired)
Meraki Alumni (Retired)
‎Nov 5 2020 10:05 AM
‎Nov 5 2020 10:05 AM

In that case, there is no way from the Meraki end to determine which user is connecting. The end client is going to do the DNS lookup and get the IP of the MX. Neither the MX nor dashboard would be able to see how the client got the IP of the MX. 

Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels
© 2024 Cisco Systems, Inc.