Meraki

Community

Cellular and VPN in MX

Solved
Senan_Rogers
Getting noticed
‎Nov 9 2017 9:49 AM
‎Nov 9 2017 9:49 AM

Cellular and VPN in MX

Hello, Gents,

I am using a cellular (USB Modem)  as a backup connection and I have my Primary connection is a cable connection in WAN1. 

I have a VPN connection with a Hub  Meraki  ( I am using the auto VPN ) .

 

If we have the active WAN interfaces went down, the 3G / 4G ( Cellular USB)  failover will kick in when  WAN connections fail, So my Question will be concerning the VPN,  Will the VPN will switch automatically to the Cellular  USB  if WAN  is down? I know they will be a 5-15 second as a down time But my Question will the VPN connection will be transfered automaticaly to the Cellular USB  if the WAN  goes down or there is a manuel action I need to do it or it will not be switch automaticaly.  

 

Thank you 

 

 

0 Kudos
1 Accepted Solution
PhilipDAth
Kind of a big deal
Kind of a big deal
‎Nov 9 2017 10:30 AM
‎Nov 9 2017 10:30 AM

It will transfer across automatically.  You wont have to do anything.

View solution in original post

0 Kudos
4 Replies 4
PhilipDAth
Kind of a big deal
Kind of a big deal
‎Nov 9 2017 10:30 AM
‎Nov 9 2017 10:30 AM

It will transfer across automatically.  You wont have to do anything.

0 Kudos
In response to PhilipDAth
Billy
Getting noticed
‎Jan 7 2018 3:10 PM
‎Jan 7 2018 3:10 PM

I use one MX100 as a Spoke VPN client, with 2x WAN links and a Cellular backup (AirCard 320U), which is configured with 4 VLANs.

When it failovers to Cellular, I can ping everything from/to that remote site by using the IP, including devices and hosts on the local subnet and remote servers, however I have issues accessing anything to the internet or remote resources from the users' VLAN, or resolving anything using DNS.

My first thought was that it might be a firewall related issue, however the access rules over the Cellular failover rules is permit Any Any (no changes in that field).

One of the VLANs that is used for generic Guest Internet access and is not advertised over the VPN, has no issues accesing the internet.

Any thoughts on what might be the issue?

0 Kudos
In response to Billy
PhilipDAth
Kind of a big deal
Kind of a big deal
‎Jan 7 2018 6:42 PM
‎Jan 7 2018 6:42 PM

@Billy you might find one provider is blocking access to its DNS revolvers from another providers network.

 

Try configuring DHCP to use generic DNS servers, like Google's 8.8.8.8 and 8.8.4.4 - which should work via any provider.  Unless you are using AD ...

0 Kudos
In response to PhilipDAth
Billy
Getting noticed
‎Jan 7 2018 7:08 PM
‎Jan 7 2018 7:08 PM

@PhilipDAth it looks like it had something to do with the flow preferences. If configured for using WAN1 and failover if "poor performance" it wouldn't let the traffic to pass through.

 

As soon as I removed the flow preferences, I was able to access everything. Looks like it was trying to failover to WAN2, ignoring the cellular interface and the fact that WAN2 interface was also down.

 

I am still working on the details

0 Kudos
Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels
© 2024 Cisco Systems, Inc.