Ways to limit certain VPN users

Justfixit

I just found out that you can't set up VPN client users with different permissions to LAN and VLANs. Does anyone have a workaround? I am trying to have one user log in and be able to see only a certain VLAN's assets, while another user can have full access to the entire LAN.

3 REPLIES
perrosenlind

Hi,

I'm using a "black hole" setup together with group policies to solve this. This is what I've done:

  • Isolate the connectivity from the VPN-client subnet to none or internet only (if you are using a full tunnel.)
  • Create a group policy
    • Add "override" privileges to this group that match your conditions

Note that when you use this type of setup you need to administer all incoming connections. I haven't tried this with the LDAP integration module, only with RADIUS, which doesn't support mapping of users into groups in this case.

How did you "Isolate the connectivity from the VPN-client subnet to none" ?

I denied traffic to any from the VPN subnet.
