Meraki

Community

Non Meraki Site - To - Site Vpn

GSHJOSE
New here
‎Sep 13 2023 10:53 AM
‎Sep 13 2023 10:53 AM

Non Meraki Site - To - Site Vpn

So I'm having some issues with setting up Site to site VPN non Meraki. We have 1 isp on wan 1 that we are going to get rid of soon, then another isp on wan 2 that we are keeping.

 

I'm trying to setup a site-to-site non-Meraki using wan 2 IP as the public IP. I have it configured and setup with the other vendors' configuration set and confirmed on their side that looks good. 

 

for some reason, the tunnel is not being established. on the VPN status, it says it's using Wan1 IP as a public IP for the VPN. do we have to get rid of wan1 in order to get the tunnel working using wan 2?

 

its been driving me crazy for the past months and we are a two-person it team I mainly do everything and trying to learn about Meraki on the fly. 

0 Kudos
6 Replies 6
leewalhovd
Meraki Employee
Meraki Employee
‎Sep 13 2023 10:59 AM
‎Sep 13 2023 10:59 AM

With multiple WANs you Non-Meraki Site to Site will only use the active primary link, if you are using load balancing it will only establish with the primary link if they are both online. You can select it under Security & SD-WAN > SD-WAN & Traffic Shaping, this would move all client VPN as well. 

In response to leewalhovd
alemabrahao
Kind of a big deal
Kind of a big deal
‎Sep 13 2023 11:04 AM
‎Sep 13 2023 11:04 AM

Do you have a documentation with this information?

I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.
0 Kudos
In response to alemabrahao
RaphaelL
Kind of a big deal
Kind of a big deal
‎Sep 13 2023 11:12 AM
‎Sep 13 2023 11:12 AM

https://documentation.meraki.com/MX/Site-to-site_VPN/Troubleshooting_Non-Meraki_Site-to-site_VPN_Pee... 

Non-Meraki VPN connections are established using the primary Internet uplink.  In the event the primary uplink fails, the VPN connection will use the secondary Internet uplink.

 

Closest I could find

In response to leewalhovd
meraki-newbie
Getting noticed
‎May 5 2024 6:04 AM
‎May 5 2024 6:04 AM

How about using VRRP between 2 MXs.. should the remote non-meraki configured WAN1 shared IP as their remote IP pointing to our MX ? and if we have WAN2 shared IP, should the tunnel configured to WAN2 shared IP as their remote IP as well ?

0 Kudos
In response to meraki-newbie
leewalhovd
Meraki Employee
Meraki Employee
‎May 6 2024 12:05 PM
‎May 6 2024 12:05 PM

If a shared IP is used it would be expected to the use that IP, depending on which interfaces is active/primary for VPNs would determine which of the potentially 2 VIPs to use. 

0 Kudos
alemabrahao
Kind of a big deal
Kind of a big deal
‎Sep 13 2023 11:02 AM
‎Sep 13 2023 11:02 AM

  • In order to bring the tunnel up, you may need to generate interesting traffic which can be done by initiating a ping to an IP address in the remote subnet.
I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.
0 Kudos
Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
© 2024 Cisco Systems, Inc.