So I'm having some issues with setting up a non-Meraki site-to-site VPN. We have 1 ISP on WAN 1 that we are going to get rid of soon, then another ISP on WAN 2 that we are keeping.
I'm trying to set up a non-Meraki site-to-site VPN using the WAN 2 IP as the public IP. I have it configured and set up with the other vendor's configuration set and confirmed on their side that it looks good.
For some reason, the tunnel is not being established. On the VPN status, it says it's using the WAN 1 IP as the public IP for the VPN. Do we have to get rid of WAN 1 in order to get the tunnel working using WAN 2?
It's been driving me crazy for the past months, and we are a two-person IT team. I mainly do everything and am trying to learn about Meraki on the fly.
With multiple WANs, your Non-Meraki Site to Site will only use the active primary link. If you are using load balancing, it will only establish with the primary link if they are both online. You can select it under Security & SD-WAN > SD-WAN & Traffic Shaping; this would move all client VPN as well.
Do you have documentation with this information?
Non-Meraki VPN connections are established using the primary Internet uplink. In the event the primary uplink fails, the VPN connection will use the secondary Internet uplink.
Closest I could find
How about using VRRP between 2 MXs? Should the remote non-Meraki side configure the WAN1 shared IP as their remote IP pointing to our MX? And if we have a WAN2 shared IP, should the tunnel be configured to the WAN2 shared IP as their remote IP as well?
If a shared IP is used, it would be expected to use that IP; which interface is active/primary for VPNs would determine which of the potentially 2 VIPs to use.