VPN: tunnel data to a concentrator

SOLVED
Gx3
Conversationalist

VPN: tunnel data to a concentrator

hello, 

 

just a questin regarding  VPN: tunnel data to a concentrator for SSID

 

Layer 3 roaming with a concentrator is clear , the client is projected in the vlan directly attached to mx appliance and gets an ip from a remote DHCP

 

what happens when using VPN: tunnel data to a concentrator option?

(this is needed as we would like to use split tunnel )

the client still gets is IP from remote DHCP? 

how is handled traffic from client leaving the AP outside the vpn? 

 

sorry it seems I cannot find this kind of informations googling on...

 

thank you in advance

 

 

1 ACCEPTED SOLUTION

Accepted Solutions
Bruce
Kind of a big deal

Re: VPN: tunnel data to a concentrator

@Gx3, wasn't sure on this one so I thought I'd let someone else respond. But obviously no-one else knew either. So I've just run in through my lab.

 

In split tunnel mode the client still gets the DHCP address from the remote (VPN concentrator) network.

In split tunnel mode if the traffic isn't going into the tunnel it is NATed to the management IP address.

 

Hope this confirms what you expected.

View solution in original post

6 REPLIES 6
Inderdeep
Kind of a big deal

Re: VPN: tunnel data to a concentrator

Hi @Gx3 Did you check the below post on VPN Concentrator Deployment Guide

https://documentation.meraki.com/MX/Deployment_Guides/VPN_Concentrator_Deployment_Guide

 

Regards
Inderdeep Singh

 

Regards
Inderdeep Singh
www.thenetworkdna.com ( Awarded by Cisco IT Blogs award 2020)
Gx3
Conversationalist

Re: VPN: tunnel data to a concentrator

Thank you for the link but still cannot find an answer in that document

 

MX appliance is in passtrough mode  (external dhcp)

 

I presume the wireless clients on ssid configured in Tunnel mode to concentrator  will get ip from that dhcp

but (assuming that) how split tunnel traffic (non vpn) can be handled ? (maybe via a nat mode on the local subnet ?)

 

sorry if I'didn't see that information

 

thank you

 

 

 

 

Gx3
Conversationalist

Re: VPN: tunnel data to a concentrator

up

Gx3
Conversationalist

Re: VPN: tunnel data to a concentrator

hello noone can answer this?

 

thanks

Bruce
Kind of a big deal

Re: VPN: tunnel data to a concentrator

@Gx3, wasn't sure on this one so I thought I'd let someone else respond. But obviously no-one else knew either. So I've just run in through my lab.

 

In split tunnel mode the client still gets the DHCP address from the remote (VPN concentrator) network.

In split tunnel mode if the traffic isn't going into the tunnel it is NATed to the management IP address.

 

Hope this confirms what you expected.

View solution in original post

Gx3
Conversationalist

Re: VPN: tunnel data to a concentrator

Yes! Thank you so much!!

Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.