Cisco Meraki - Wireless Access Points as a Teleworker VPN

Meraki Teleworker VPN enables administrators to extend the corporate LAN to employees at remote sites with Meraki AP’s without requiring client devices to have client VPN software installed and running. The experience of wireless clients connected to remote AP’s will be the same as though they were located at headquarters, with full corporate network access.

Typical Use Cases Teleworker VPN can be used to connect small branch offices (<5 people), teleworker or executive home offices, temporary site offices (eg. construction sites) and traveling employees on the road back to the corporate LAN and provide access to corporate resources back at headquarters.

How it Works A Meraki AP at a remote site establishes a layer 2 connection using an IPSec-encrypted UDP tunnel back to the corporate LAN. Tunnels are established on a per SSID basis, and terminate at headquarters on a Meraki MX security appliance.  Since most corporate LANs are located behind a firewall and NAT, the Meraki Cloud can negotiate a connection between the remote AP and the MX across a NAT, or a manual port-forwarding method can be used to establish a connection.

Both wireless and wired client traffic at the remote site can be tunneled. Wired clients connected directly to a Meraki AP can have their traffic tunneled. This configuration is compatible with any Meraki Enterprise MR-series AP.

For more info check it out here - https://documentation.meraki.com/MR/Client_Addressing_and_Bridging/MR_Teleworker_VPN