Communication in Wan 2 is failed - SDWAN

Solved
aedm87
Conversationalist

Hi dears,

Community, I need your help.

MX-HQ - MX in the HQ

MX-B - MX in the branch

I am trying to run SD-WAN between HQ and the branch. On WAN 1 I have connected a DIA, and on WAN 2 I have connected the MPLS circuit.

The communication on WAN 1 to MX-HQ through the Internet is successful, but the communication on WAN 2 through MPLS fails.

I have tested a ping from MX-B to MX-HQ through the MPLS circuit, but there is no response. However, a ping from MX-B to the router in the branch that I want to replace with another IP address is successful.

The MPLS segment is a /25, so all devices in this segment can see each other.

Any ideas about this issue?

1 Accepted Solution
jdsilva
Kind of a big deal


@aedm87 wrote:
 But in my case is necessary two wan active to run SD-WAN and understand that is possible with one DIA and one MPLS.

Sorry, but this is not currently possible.

14 Replies
NolanHerring
Kind of a big deal

If you could provide us with screenshots of the addressing and vlans and SD-WAN and Traffic Shaping pages please 😃
Nolan Herring | nolanwifi.com
aedm87
Conversationalist

Hi Nolan, thank you for your response.

For now I have not configured anything in SD-WAN and Traffic Shaping; I have only enabled WAN 2 as the primary uplink.

In Addressing and VLANs I have only created the subnets and VLANs of the LAN, without a static route, and of course the MX is in routed mode.

jdsilva
Kind of a big deal


@aedm87 wrote:
 and in wan 2 have connected the circuit mpls.

This is not supported. Meraki requires Internet access on the WAN ports of an MX. You cannot connect Private MPLS to the WAN port. You must use a LAN port (which means you can't use SD-WAN).

aedm87
Conversationalist

Hi Jdsilva,

The model is an MX67C. This model only has one WAN, but I enabled one LAN port to work as a secondary WAN.

Are you telling me that it is not necessary to convert one LAN port to a WAN port to connect the MPLS circuit?

In that case, I understand that I would not really have load balancing between WAN 1 and WAN 2.
Nash
Kind of a big deal

Are you trying to do something like AutoVPN as well as MPLS?

If so, Meraki has a document here on how to configure a failover situation. Please note that it does not discuss load balancing across the two links, as they are not both WAN.

Please also note that it clearly shows the MPLS connected as a LAN connection, as opposed to WAN. You might also find this article useful.

aedm87
Conversationalist

Hi Nash,

Are you trying to do something like AutoVPN as well as MPLS?
Yes, that is the objective.

I have already reviewed the documentation that you mentioned. But in my case it is necessary to have two WANs active to run SD-WAN, and I understand that this is possible with one DIA and one MPLS.
jdsilva
Kind of a big deal


@aedm87 wrote:
 But in my case is necessary two wan active to run SD-WAN and understand that is possible with one DIA and one MPLS.

Sorry, but this is not currently possible.

PhilipDAth
Kind of a big deal

You can run AutoVPN over MPLS. This is the deployment guide. It allows for full SDN.

https://documentation.meraki.com/MX/Site-to-site_VPN/Configuring_Site-to-site_VPN_over_MPLS

You can use MPLS with simple failover to AutoVPN:

https://documentation.meraki.com/MX/Deployment_Guides/MPLS_Failover_to_Meraki_Auto_VPN

There is also a super new beta feature called NO-NAT available in the 15.x code. The documentation for this has been removed as it is being updated, but you could consider this option as well.

aedm87
Conversationalist

Thank you PhilipDAth,

I hope this version is released soon....
aedm87
Conversationalist

Wow, that is bad.

If the world is not perfect because technology has to be =(

hianilz
Getting noticed

Hi All,

I am facing the same kind of issue. Can someone help with this?

My WAN1 is connecting to the Internet and WAN2 is connecting to MPLS.

I need to maintain an Auto VPN for both WANs.

At the moment my WAN2 interface status is showing as "Failed" and I am not able to ping the gateway (which is the ISP router and directly connected).

I know the WAN2 interface will be active once it has Internet reachability, but for now I am trying to add one static route pointing to my firewall interface from the same subnet, and again I am getting the error below.

"The static LAN route "test" has an invalid next hop IP. The IP address 10.20.33.236 is not on a configured subnet"

Kindly suggest on the above problem, as we have a deployment in a week.

 

PhilipDAth
Kind of a big deal

You can't add a static route via a WAN port, but you can add a flow preference. These only work if the WAN port is marked as up, which it isn't in your case.

https://documentation.meraki.com/MX/Firewall_and_Traffic_Shaping/MX_Load_Balancing_and_Flow_Preferen...

hianilz
Getting noticed

Hi Philip,

Thanks for your reply. I understood that we cannot add a static route via a WAN port. But the WAN2 port is still DOWN; it will come up only if that interface can reach the Internet. For that reason we want to add a static route towards the LAN where the firewall has an Internet connection.

Do you think if I add a Flow Preference with source as "MPLS Private subnet", destination as "Dashboard IP's" and Preferred Link as "WAN1", which is Internet connected at the moment?

Please, we need your advice on this problem. We have a deployment on Friday.

hianilz
Getting noticed

Hi @PhilipDAth, as per your suggestion I added a flow preference. Below is the error we are getting:


There were errors in saving this configuration:

  • The IP address range 10.20.33.234/32 does not apply to any configured subnets.
  • The IP address range 10.20.33.235/32 does not apply to any configured subnets.

 
