Hi,
I would like to know how to configure the flow preferences so that Meraki client VPN isn't going via the primary uplink.
Does anyone have an idea how to achieve this?
One point worth clarifying initially is that the secondary WAN would be referred to as WAN2. Primary as WAN1.
If you go to Security Appliance>Traffic Shaping there are two options. Flow Preference - Internet Traffic and Flow Preference - VPN Traffic. It sounds like you are just wanting to configure the VPN traffic preference so you'd set up something like this. Remember this is destination-based routing so you'd have to configure accordingly.
@Adam wrote:
If you go to Security Appliance>Traffic Shaping there are two options. Flow Preference - Internet Traffic and Flow Preference - VPN Traffic.
Isn't that only for site2site VPN and not for client VPN? I don't think there is another option than described in the earlier linked topic. Maybe ask Meraki if the flow preference bug for voice is fixed in a beta code.
@ww wrote:
@Adam wrote:
If you go to Security Appliance>Traffic Shaping there are two options. Flow Preference - Internet Traffic and Flow Preference - VPN Traffic.
Isn't that only for site2site VPN and not for client VPN? I don't think there is another option than described in the earlier linked topic. Maybe ask Meraki if the flow preference bug for voice is fixed in a beta code.
Ah you're right, haven't had my coffee yet. So maybe he can put the client VPN traffic on a dedicated subnet and use that to set the flow preference? Or does it sound like he is wanting the traffic just to come in on that secondary WAN interface?
Let's clarify.
WAN1 = All other traffic
WAN2 = Client VPN traffic
For clients connecting to WAN2 on the MX from the outside world, you would have to use the static IP (or Meraki dynamic DNS name) of the connection that you'd like clients to connect to as the connection address. There is no way to make incoming INTERNET connections prefer a WAN connection.
For outbound traffic to the client, make a traffic shaping rule so that "any traffic" to "CLIENT VPN SUBNET" prefers WAN2.
By doing this you have no fail-over for VPN clients, but you have achieved what you are trying to achieve.
T-800