Meraki

Community

Disable Active/Active Auto VPN over Wan 2

Solved
SmartlinkIT
Conversationalist
‎May 9 2019 5:49 AM
‎May 9 2019 5:49 AM

Disable Active/Active Auto VPN over Wan 2

Hello,

 

I recently started with a new company as a Sys Admin, their Network Admin just left. They have been having some issues with their fail-over connection using too much data and have ask me to look  into it. 

 

At my office we have an MX84. Wan 1 is configured with a Comcast fiber connection, Wan 2 is a Verizon LTE connection via a Cradlepoint Router in pass-through Mode. I have the MX84 configured to use WAN 1 for the primary and only to use WAN2 in the event of a fail-over. 

 

VPN Topogrophy: We have 10 other offices and 1 data center, the satellite offices are all using MX84's as well and are connected via VPN utilizing Meraki Mesh. The Data Center is using a ASA 5545, it has IKE V1 connections to all of the MX 84's including my office. 

 

The issue we are having is that even though there hasn't been a fail-over, we are still consuming 18GB of LTE data a month and incurring overages with Verizon (the plan the company had was to pay for the 1GB per month plan and upgrade to a larger data package if needed in the event of a failover). I would argue to just keep the higher plan, but those decisions aren't left to me and here we are. I believe that its the Active/Active Auto VPN that is causing the excess data usage, but I can't figure out how to disable it for WAN 2. 

 

Any help or information would be greatly appreciated. 

 

Best Regards,

SML I.T. 

 

0 Kudos
1 Accepted Solution
In response to ww
jdsilva
Kind of a big deal
‎May 9 2019 10:26 AM
‎May 9 2019 10:26 AM

I can see it on 14.39:

 

image.png

http://blog.brokennetwork.ca | @jdsilva

View solution in original post

8 Replies 8
kYutobi
Kind of a big deal
‎May 9 2019 5:52 AM
‎May 9 2019 5:52 AM

There is a sort of similar thread that @NolanHerring resolved: 

 

https://community.meraki.com/t5/Security-SD-WAN/MX64-Allow-only-Office-365-when-using-WAN-2-Fail-ove...

 

Hope this helps.

Enthusiast
In response to kYutobi
ww
Kind of a big deal
Kind of a big deal
‎May 9 2019 6:31 AM
‎May 9 2019 6:31 AM

at SD-WAN & traffic shaping you can disable the Active-Active AutoVPN

In response to ww
SmartlinkIT
Conversationalist
‎May 9 2019 8:37 AM
‎May 9 2019 8:37 AM

I don't see any options under SD-WAN & Traffic shaping for Active-Active Auto VPN.

0 Kudos
In response to SmartlinkIT
ww
Kind of a big deal
Kind of a big deal
‎May 9 2019 10:15 AM
‎May 9 2019 10:15 AM

Hmm i guess its part of beta firmware 15.x

In response to ww
jdsilva
Kind of a big deal
‎May 9 2019 10:26 AM
‎May 9 2019 10:26 AM

I can see it on 14.39:

 

image.png

http://blog.brokennetwork.ca | @jdsilva
In response to jdsilva
SmartlinkIT
Conversationalist
‎May 9 2019 10:34 AM
‎May 9 2019 10:34 AM

So I'm currently behind, I'm on 13.36. I'll go ahead and update tonight and see if it shows up. 

In response to SmartlinkIT
PhilipDAth
Kind of a big deal
Kind of a big deal
‎May 9 2019 2:18 PM
‎May 9 2019 2:18 PM

Make sure you have load balancing disabled.  Even with Active/Active VPN enable, if load balancing is disabled then the second WAN port wont be used unless the primary has failed over ... unless you have defined some performance classes, and the LTE circuit is performing better than your main ISP circuit.

In response to jdsilva
SmartlinkIT
Conversationalist
‎May 10 2019 6:10 AM
‎May 10 2019 6:10 AM

Thank you for the help, updateing the firmware gave me the option to disable the Active/Active Auto VPN. 

Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels
© 2024 Cisco Systems, Inc.