OK, let me try to explain better. I do not have ISE since it's an additional cost; I would get this if I could, but right now I am just using Meraki MX. The aim is just to isolate the traffic from one endpoint/endpoints with a group policy applied so that it only goes to one VPN client/clients with a group policy also applied. I cannot isolate the traffic because the group policy only supports IP addresses. Any traffic I allow from the endpoints' group policy has to go to the entire IP subnet for VPN clients. This is because I would have to change the specific IP addresses allowed for the endpoint group policy each time the VPN clients' IPs change, since they randomly do so upon VPN connection. If I could just say allow traffic going to these group policy tagged clients then it would work easily without static IP. As far as I have seen, there is no feature for that for Meraki MX VPN clients.