2 WAN load balancing client VPN

Ahoste
Getting noticed

Hi,

We have an MX250 with 2 WAN connections and the load balancing setting enabled.

WAN 1 is a fiber with a lot less latency (1ms) and 200 down & 200 up.

WAN 2 is a COAX with higher latency (10ms) and 650 down but only 50 up.

So when clients connect over the client VPN, do I want them to connect by using the WAN 1 static IP, or do I give them the server address assigned by Meraki and let Meraki do the load balancing? Will it take the latency into account?

Any insight is much appreciated.

Cheers

8 REPLIES 8
KarstenI
Kind of a big deal

Client VPN only uses the primary Uplink and falls over to the secondary if the primary does not work.

Using the provided hostname instead of the static IP ensures that the client-VPN will still work when the primary link fails.

Hi

Thanks for the info.

However, when I connect over VPN using the hostname and then check my public IP, it shows the WAN 2 public IP.

WAN 1 is working just fine, so there would be no reason to fail over.

Cheers

ww
Kind of a big deal

Your primary WAN is set to WAN1 @ SD-WAN & traffic shaping?

Or are there any flow preferences configured?

Ahoste
Getting noticed

Hi,

Yep, it is, and no flows.

ww
Kind of a big deal

You can try using the flow preference to send the VPN source subnet to WAN1.

Not sure if that works...

cmr
Kind of a big deal

@Ahoste checking your public IP only shows what you are going out of the firewall as, not what you are connecting to from the VPN. If you look at the client traffic, you should see which IP it is connecting to for the VPN.

KarstenI
Kind of a big deal

I assume it could be based on the enabled load balancing. While you connect to the primary uplink, your client traffic will leave the MX load-balanced on either WAN1 or WAN2 based on the configured WAN speeds.

ww
Kind of a big deal

Client VPN only uses the primary WAN port.
