Meraki

Community

Best practice for the IPSec VPN health check host?

steakandeggs
Here to help
2 weeks ago
2 weeks ago

Best practice for the IPSec VPN health check host?

According to the documentation, if the primary tunnel is up but the health check probe fails, it fails over to the secondary tunnel. Can the health check IP be a host inside the tunnel? That seems like the best design.

0 Kudos
2 Replies 2
alemabrahao
Kind of a big deal
2 weeks ago
2 weeks ago

For the MX IPSec VPN health check, it is indeed possible and often recommended to use a host inside the tunnel as the health check IP.

 

Check the documention.

 

Primary and Secondary IPsec VPN Tunnels - Cisco Meraki Documentation

I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.
0 Kudos
PhilipDAth
Kind of a big deal
Kind of a big deal
2 weeks ago
2 weeks ago

I didn't know this feature existed.  Cool!

0 Kudos
Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco ID. If you don't yet have a Cisco ID, you can sign up.
Labels
© 2025 Cisco Systems, Inc.