Client VPN traffic via secondary uplink

KrisVerdonck
Here to help


Hi,

I would like to know how to configure the flow preferences so that Meraki client VPN isn't going via the primary uplink.

Does anyone have an idea how to achieve this?

ww
Kind of a big deal
KrisVerdonck
Here to help

Hi,

This is not what I'm searching for.
I already have the WAN2 as primary uplink (as there is a flow preference problem for VOICE, and Meraki advised this setup as a solution). Now I want the client VPN to go over the secondary WAN (WAN1).

Is there a way to change the flow preferences so this is possible?

KR,
Adam
Kind of a big deal

One point worth clarifying initially is that the secondary WAN would be referred to as WAN2. Primary as WAN1.

If you go to Security Appliance > Traffic Shaping there are two options: Flow Preference - Internet Traffic and Flow Preference - VPN Traffic. It sounds like you are just wanting to configure the VPN traffic preference, so you'd set up something like this. Remember this is destination-based routing, so you'd have to configure accordingly.

[Attached screenshot: Capture.PNG]


Adam R MS | CISSP, CISM, VCP, MCITP, CCNP, ITILv3, CMNO
If this was helpful click the Kudo button below
If my reply solved your issue, please mark it as a solution.
ww
Kind of a big deal


@Adam wrote:

If you go to Security Appliance > Traffic Shaping there are two options: Flow Preference - Internet Traffic and Flow Preference - VPN Traffic.

Isn't that only for site2site VPN and not for client VPN? I don't think there is another option than described in the earlier linked topic. Maybe ask Meraki if the flow preference bug for voice is fixed in a beta code.

Adam
Kind of a big deal


@ww wrote:

@Adam wrote:

If you go to Security Appliance > Traffic Shaping there are two options: Flow Preference - Internet Traffic and Flow Preference - VPN Traffic.

Isn't that only for site2site VPN and not for client VPN? I don't think there is another option than described in the earlier linked topic. Maybe ask Meraki if the flow preference bug for voice is fixed in a beta code.


Ah you're right, haven't had my coffee yet. So maybe he can put the client VPN traffic on a dedicated subnet and use that to set the flow preference?  Or does it sound like he is wanting the traffic just to come in on that secondary WAN interface?

Adam R MS | CISSP, CISM, VCP, MCITP, CCNP, ITILv3, CMNO
T-800
Here to help

Let's clarify.

WAN1 = All other traffic

WAN2 = Client VPN traffic

For clients connecting to WAN2 on the MX from the outside world, you would have to use the static IP (or Meraki dynamic DNS name) of the connection that you'd like clients to connect to as the connection address. There is no way to make incoming INTERNET connections prefer a WAN connection.

For outbound traffic to the client, make a traffic shaping rule that forces "any traffic" to "CLIENT VPN SUBNET" to prefer WAN2.

By doing this you have no fail-over for VPN clients, but you have achieved what you are trying to achieve.


T-800