Meraki Community
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Regarding MX VPN tunnel

Solved
KSM
Here to help
‎Nov 9 2023 11:16 PM
‎Nov 9 2023 11:16 PM

Regarding MX VPN tunnel

Hi~
 
MX has Uplink WAN 1,2.
I'm going to configure tunneling between the Meraki MX95 and the vMX.
 
Connect Auto VPN to WAN 1
 
If WAN 1 goes down, can I IPSEC with AWS VPC GW on WAN 2 to create a redundant configuration?
0 Kudos
Subscribe
1 Accepted Solution
rdominguez
Meraki Employee
Meraki Employee
‎Nov 11 2023 4:56 PM
‎Nov 11 2023 4:56 PM

Hello @KSM, as @GIdenJoe has indicated, the MX has a failover process when there are two different WAN links available. So, an IPSec VPN connection is not necessary. You can find information about the failover behavior in the link below. 

 

https://documentation.meraki.com/MX/Site-to-site_VPN/Site-to-Site_VPN_Failover_Behavior

View solution in original post

Subscribe
8 Replies 8
CptnCrnch
Kind of a big deal
Kind of a big deal
‎Nov 10 2023 3:48 AM
‎Nov 10 2023 3:48 AM

Adopting the approach https://documentation.meraki.com/MX/Site-to-site_VPN/Tag-Based_IPsec_VPN_Failover should help you out here. The only difference is that this is based on two 3rd party S2S connections.

Subscribe
In response to CptnCrnch
KSM
Here to help
‎Nov 13 2023 8:08 PM
‎Nov 13 2023 8:08 PM

Thank you so much for your response.!!

0 Kudos
Subscribe
GIdenJoe
Kind of a big deal
Kind of a big deal
‎Nov 11 2023 9:14 AM
‎Nov 11 2023 9:14 AM

You are talking about auto VPN between an MX and a vMX.  That means you can just choose 1 WAN or concurrently both WAN's.  You don't need to do anything.  That means you don't need an IPsec VPN as backup since the autoVPN is already redundant via your both WAN's.

Subscribe
In response to GIdenJoe
KSM
Here to help
‎Nov 13 2023 8:08 PM
‎Nov 13 2023 8:08 PM

Thank you so much for your response.!

0 Kudos
Subscribe
rdominguez
Meraki Employee
Meraki Employee
‎Nov 11 2023 4:56 PM
‎Nov 11 2023 4:56 PM

Hello @KSM, as @GIdenJoe has indicated, the MX has a failover process when there are two different WAN links available. So, an IPSec VPN connection is not necessary. You can find information about the failover behavior in the link below. 

 

https://documentation.meraki.com/MX/Site-to-site_VPN/Site-to-Site_VPN_Failover_Behavior

Subscribe
In response to rdominguez
KSM
Here to help
‎Nov 13 2023 8:07 PM
‎Nov 13 2023 8:07 PM

WAN port 1 connects with AUTO VPN between MX95 and vMX.

WAN port 2 is an IPSEC connection between MX95 and AWS.

If WAN 1 goes down, WAN 2 automatically takes over.

Is this possible?

And as an additional question, if I only use WAN 1, will it work if I use AUTO VPN and IPSEC at the same time?

0 Kudos
Subscribe
PhilipDAth
Kind of a big deal
Kind of a big deal
‎Nov 12 2023 10:36 AM
‎Nov 12 2023 10:36 AM

>If WAN 1 goes down, can I IPSEC with AWS VPC GW on WAN 2 to create a redundant configuration?

 

No, you can't do failover between a VMX and an AWS VPC VPN.  As others have said, the VMX and the MX95 will fail over automatically between the links.

Subscribe
In response to PhilipDAth
KSM
Here to help
‎Nov 13 2023 8:08 PM
‎Nov 13 2023 8:08 PM

Thank you so much for your response.

0 Kudos
Subscribe
Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels
© 2024 Cisco Systems, Inc.