We have a mix of MX67C and Z3C, and a primary VPN built to a Juniper SSG Firewall. We are looking to enable the cellular failover. Is the cellular IP reachable to maintain two VPN tunnels and failover the routing to cellular when the primary fails?
So to set up and test I will have to pull the primary WAN and set it up over the failover. On the Meraki side the profile would not change, it is the peer (Juniper) that will have two profiles, one to the Meraki Primary WAN and one to the LTE IP address.
If you are configuring the Juniper using an IP address you will need to obtain a static IP for your cellular device.
This is likely to be nasty because the Juniper could see the VPN come in from different peer IP addresses. My guess is you won't get this working.
You'll need to be able to configure the Juniper to terminate the VPN based on the subnets presented, the PSK, or something else that uniquely identifies the sites.
Assuming you can't replace the Juniper, could you perhaps put a Meraki MX behind the Juniper and run it in VPN concentrator mode? Then you could use AutoVPN, and the Juniper would only need a route on it to get to the remote Meraki sites.
So much simpler and handles all the complex failover cases without creating any complexity.
@PhilipDAth wrote:
Assuming you can't replace the Juniper, could you perhaps put a Meraki MX behind the Juniper and run it in VPN concentrator mode? Then you could use AutoVPN, and the Juniper would only need a route on it to get to the remote Meraki sites.
So much simpler and handles all the complex failover cases without creating any complexity.
^^^^ This sort of approach works extremely well, in my experience.