Is there a way to redirect Client VPN's users to WAN2?
Right now, they're connecting via WAN1 and I want to redirect their outgoing internet to WAN2. WAN1 is getting oversubscribed due to the huge influx of WFH users and i want to redirect some of the traffic to WAN2.
I'm not sure but is it just via Traffic Shaping and adding my client vpn subnet? Would this cause some assymetrical routing?
1. In "SDWAN and Traffic Shaping" under "Flow preferences" make the primary interface the one you'd like to use for Client VPN. This lets say it is WAN2. (Remember that this will now make the Client VPN connect to 220.127.116.11)
2. Make an ANY/ANY/ANY traffic shaping rule so that traffic will prefer WAN1.
3. Make a 2nd rule that allows ANY traffic with source of 10.2.2.0/24 with destination of 0.0.0.0/0 to prefer WAN2.
That should work. You might also want to make a traffic shaping rule so that "localnet:10.2.2.0/24" is shaped to a per client throughput if you are "full tunneling" your traffic.
If i apply this only and they still connect via WAN1, would that be fine?
That would be Asymmetric. Traffic enters WAN1 and exits WAN2. It would be better to set ANY/ANY/ANY rule for WAN2 and allow VPN Clients to use WAN1 for and "everyone else" to use WAN2. If you have two quality internet links this won't be a problem. However, if WAN2 is 7/1 DSL then this won't be an option.
Meraki VPN makes ALL client traffic go through the MX device. This means if user is watching YouTube instead of working, they are wasting your bandwidth. So for Client VPN users, limiting their bandwidth or might be necessary if you don't have strict policies in place for your network.
You can use split tunneling pretty easily with powershell scripting and Windows 10.
See this thread to look into implementation of Split Tunneling. (Thanks so much to @Nash for that script!)