Meraki

aedm87 · ‎Mar 18 2019

Hi dears,

Community I need your help.

MX-HQ - MX in the HQ

MX-B - MX in the branch

I am trying run SD-WAN between HQ and branch, in wan 1 have connected a DIA and in wan 2 have connected the circuit mpls.

The communication in wan 1 is successfully to MX-HQ throug Internet, but the communication in wan 2 throug mpls is failed.

I have tested make a ping from MX-B to MX-HQ through the mpls circuit but there is not response. however, a ping from MX-B to the router in the branch that want replace with other ip address is successfully.

The segment mpls is a /25. so that all devices in this segment can see each other.

Any idea about this issue.

jdsilva · ‎Mar 18 2019

@aedm87 wrote:
But in my case is necessary two wan active to run SD-WAN and understand that is possible with one DIA and one MPLS.

Sorry, but this is not currently possible.

http://blog.brokennetwork.ca |

@jdsilva

View solution in original post

NolanHerring · ‎Mar 18 2019

If you could provide us with screenshots of the addressing and vlans and SD-WAN and Traffic Shaping pages please 😃

Nolan Herring | nolanwifi.com

aedm87 · ‎Mar 18 2019

Hi Nolan, thank you for your response.

For now I have not configured nothing in SD-WAN and Traffic Shaping. only enable wan 2 how primary uplink.

In addressing and vlans only I have created the subnets and vlans of the lan. without static route and of course the mx in mode routed.

jdsilva · ‎Mar 18 2019

@aedm87 wrote:

and in wan 2 have connected the circuit mpls.

This is not supported. Meraki requires Internet access on the WAN ports of an MX. You cannot connect Private MPLS to the WAN port. You must use a LAN port (which means you can't use SD-WAN).

http://blog.brokennetwork.ca |

@jdsilva

aedm87 · ‎Mar 18 2019

Hi Jdsilva,

The Model is a MX67C, this model only has one wan but I enabled one lan port to that work it like a secondary wan.

you want tell me that is not necessary converted one lan port to wan port to connected the mpls circuit?

In that case, I understand then I would not really have load balancing between wan 1 and wan 2.

Nash · ‎Mar 18 2019

Are you trying to do something like AutoVPN as well as MPLS?

If so, Meraki has a document here on how to configure a failover situation. Please note that it does not discuss load balancing across the two links, as they are not both WAN.

Please also note that it clearly shows the MPLS connected as a LAN connection, as opposed to WAN. You might also find this article useful.

Windows 10 Client VPN scripts: Makes life better!

aedm87 · ‎Mar 18 2019

Hi Nash,

Are you trying to do something like AutoVPN as well as MPLS?
Yes, that is the objective.

The documentation that you mentionate I have review it already. But in my case is necessary two wan active to run SD-WAN and understand that is possible with one DIA and one MPLS.

jdsilva · ‎Mar 18 2019

@aedm87 wrote:
But in my case is necessary two wan active to run SD-WAN and understand that is possible with one DIA and one MPLS.

Sorry, but this is not currently possible.

http://blog.brokennetwork.ca |

@jdsilva

PhilipDAth · ‎Mar 18 2019

You can run AutoVPN over MPLS. This is the deployment guide. It allows for full SDN.

https://documentation.meraki.com/MX/Site-to-site_VPN/Configuring_Site-to-site_VPN_over_MPLS

You can use MPLS with simple failover to AutoVPN:

https://documentation.meraki.com/MX/Deployment_Guides/MPLS_Failover_to_Meraki_Auto_VPN

There is also a super new beta feature called NO-NAT available in the 15.x code. The documentation for this has been removed as it is being updated, but you could consider this option as well.

aedm87 · ‎Mar 18 2019

Thank you PhilipDAth,

I hope to release soon this version....

aedm87 · ‎Mar 18 2019

Wow that if is bad.

If the world is not perfect because technology has to be =(

hianilz · ‎Jan 30 2022

Hi All,

i am facing same kind of issues.., can some help on this ??

my WAN1 is conencting to Internet and WAN2 is to MPLS.

I need to maintain a Auto VPN for both WAN's..

At the moment my WAN2 interface status showing as "Failed" and not able to ping the gateway(which is ISP router and directly connected)

I know WAN2 interface will be active once it has internet reachability., but for i am trying to add one static route pointing to my Firewall interface from same subnet.., but again below error i am getting.

"The static LAN route "test" has an invalid next hop IP. The IP address 10.20.33.236 is not on a configured subnet"

kindly suggest on anove problem as we deployment in a week.

PhilipDAth · ‎Jan 31 2022

You can't add a static route via a WAN port, but you can add a flow preference - but these only work if the WAN port is marked as up - which it isn't in your case.

https://documentation.meraki.com/MX/Firewall_and_Traffic_Shaping/MX_Load_Balancing_and_Flow_Preferen...

hianilz · ‎Feb 1 2022

Hi Phillip,

Thanks for your reply, I understood that we can not add static route via WAN port. But WAN2 port is still DOWN that will come up only if that interface reachable to Internet for that reason we want to add static rotue towards the LAN which firewall has Internet connection.

Do you think if i add Flow Preference source as "MPLS Private subnet" and desitnation as "Dashboard IP's " and Preferred Link as "WAN1" which is Internet connected at the moment.

Please we need your advise on this problem.., we have deployment on Friday.

hianilz · ‎Feb 1 2022

Hi @PhilipDAth as per your suggistion i had added flow preference below is the error we are getting..,

There were errors in saving this configuration:

The IP address range 10.20.33.234/32 does not apply to any configured subnets.
The IP address range 10.20.33.235/32 does not apply to any configured subnets.

Meraki

Community

Communication in Wan 2 is failed - SDWAN

Communication in Wan 2 is failed - SDWAN