AutoVPN going using secondary VPN connection even though Primary is up

Solved
JordanCN
Getting noticed


We are using the MX-84 appliances to connect our sites via auto-vpn setup.  The site that has the shared resources has 2 Internet connections:

 

  • WAN 1: 200 Mbps Microwave (our original Internet access which was replaced because it can be problematic)
  • WAN 2: 200 Mbps Fiber (put in recently to replace Microwave as primary)

 

In SD-WAN settings we have the following settings:

  • Primary Uplink - WAN 2 (the fiber connection)
  • WAN Failover - Graceful
  • Load Balancing - Disabled
  • Active-Active VPN - Enabled

 

WAN 2 (the fiber) had no issues for the past year+ and still appeared to be working fine, however our site to site VPN tunnels fell over to the problematic WAN 1 the other day and caused a lot of issues with connecting to resources across the WAN.  It was very hard to realize this was the issue because Internet tests ran perfectly and showed traffic going out WAN 2.  It took a little while for us to figure out it was due to the VPN failing over to WAN 1.

I assume that at some point WAN 2 had an issue and the VPN tunnels fell over to WAN 1, but shouldn't the VPN have fallen back to WAN 2 once any issue cleared up? Do I have to Disable Active Active to ensure the Primary WAN 2 is used?

1 Accepted Solution
alemabrahao
Kind of a big deal

Yes, the active active will use both uplinks.

I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.


2 Replies
Brash
Kind of a big deal

With WAN failover set to graceful, existing connections will continue to remain failed over.

 

For example, with WAN 2 as primary, if WAN 2 goes down, connections all failover to WAN 1. When WAN 2 comes back online, new connections will go out WAN 2 but existing connections will go out WAN 1.

 

If you want all connections to immediately failback to the primary uplink, you need to change WAN Failover to Immediate.

while new connections start 
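The behaviour described in the reply above, as an added example that is not part of the original thread and not Meraki's code: a toy Python model of per-connection uplink pinning under the two WAN Failover settings. It assumes the AutoVPN tunnel behaves as a long-lived existing connection and does not model the Active-Active VPN setting; the class, function and connection names are hypothetical.

```python
from dataclasses import dataclass, field

PRIMARY, SECONDARY = "WAN 2", "WAN 1"   # uplink roles from the original post

@dataclass
class Appliance:
    """Toy model of per-connection uplink pinning (not Meraki's implementation)."""
    failover_mode: str                                  # "graceful" or "immediate"
    up: dict = field(default_factory=lambda: {PRIMARY: True, SECONDARY: True})
    flows: dict = field(default_factory=dict)           # connection name -> uplink

    def preferred(self):
        # Assumption: at least one uplink is up at any time.
        return PRIMARY if self.up[PRIMARY] else SECONDARY

    def open_flow(self, name):
        # New connections always start on the currently preferred uplink.
        self.flows[name] = self.preferred()

    def set_link(self, uplink, is_up):
        self.up[uplink] = is_up
        for name, used in self.flows.items():
            # A connection moves if its uplink died (failover), or on any
            # link change when the mode is "immediate" (failback).
            if not self.up[used] or self.failover_mode == "immediate":
                self.flows[name] = self.preferred()
            # graceful and current uplink still up: connection stays put

    def off_primary(self):
        """Connections still on the secondary although the primary is up."""
        if not self.up[PRIMARY]:
            return []
        return sorted(n for n, u in self.flows.items() if u != PRIMARY)

def outage_and_recovery(mode):
    """Constructed scenario: tunnel up, primary blips, then a new test flow."""
    mx = Appliance(mode)
    mx.open_flow("autovpn-tunnel")      # long-lived connection (assumption)
    mx.set_link(PRIMARY, False)         # WAN 2 has a brief issue
    mx.set_link(PRIMARY, True)          # WAN 2 recovers
    mx.open_flow("internet-test")       # new connection after recovery
    return mx

if __name__ == "__main__":
    for mode in ("graceful", "immediate"):
        mx = outage_and_recovery(mode)
        print(mode, mx.flows, "off primary:", mx.off_primary())
```

In the graceful run the new test connection uses WAN 2 while the tunnel stays on WAN 1, which matches the symptom in the question where Internet tests looked healthy.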
