Letting end user enable full or split tunnel on AnyConnect client

Solved
JordanCN
Getting noticed


I have some users who want to be sure all their traffic flows through the VPN when they travel to places around the world that might have less than stellar privacy standards. (Unlike the wonderful privacy standards we have here in the US - LOL)

Currently using version 5.0 of the AnyConnect client with our MX devices. Using RADIUS authentication with certs.

I am using a split tunnel setup for my clients. I have my AnyConnect client configs for my MX devices set up with the following on the dashboard:

  • Client Routing:
    Only send traffic to these destinations: (my local LAN network addresses)
  • Dynamic Client Routing:
    Only send traffic going to these destinations: (List of web addresses)

 

So is there a way to configure the local AnyConnect client so they use my split tunnel config as the default, but are able to turn on full tunneling on their own? I took a look at the VPN Profile Editor settings, but did not see (or missed) a setting to allow end users to do this.

1 Accepted Solution
alemabrahao
Kind of a big deal

No, there is no way; it's defined on the dashboard configuration.

I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.


3 Replies
PhilipDAth
Kind of a big deal

You could consider getting a Teleworker gateway, the Z4, and running that in full tunnel mode. Have them use that when they travel.

https://documentation.meraki.com/MX/MX_Overviews_and_Specifications/Z4_Datasheet 

JordanCN
Getting noticed

Hi Philip,

I use the older Z1 devices now for my home office and some others, but it would be very cumbersome for the team to take them on the road and very expensive for each home office.

Thanks for the suggestion.
