Disable Active/Active Auto VPN over Wan 2

SOLVED
SmartlinkIT
Conversationalist


Hello,

I recently started with a new company as a Sys Admin; their Network Admin just left. They have been having some issues with their fail-over connection using too much data and have asked me to look into it.

At my office we have an MX84. WAN 1 is configured with a Comcast fiber connection; WAN 2 is a Verizon LTE connection via a Cradlepoint router in pass-through mode. I have the MX84 configured to use WAN 1 as the primary and only to use WAN 2 in the event of a fail-over.

VPN Topography: We have 10 other offices and 1 data center. The satellite offices are all using MX84s as well and are connected via VPN utilizing Meraki Mesh. The data center is using an ASA 5545; it has IKEv1 connections to all of the MX84s, including my office.

The issue we are having is that even though there hasn't been a fail-over, we are still consuming 18GB of LTE data a month and incurring overages with Verizon (the plan the company had was to pay for the 1GB per month plan and upgrade to a larger data package if needed in the event of a failover). I would argue to just keep the higher plan, but those decisions aren't left to me and here we are. I believe that it's the Active/Active Auto VPN that is causing the excess data usage, but I can't figure out how to disable it for WAN 2.

Any help or information would be greatly appreciated.

Best Regards,

SML I.T.

1 ACCEPTED SOLUTION
jdsilva
Kind of a big deal

8 REPLIES 8
kYutobi
Kind of a big deal

There is a sort of similar thread that @NolanHerring resolved:

https://community.meraki.com/t5/Security-SD-WAN/MX64-Allow-only-Office-365-when-using-WAN-2-Fail-ove...

Hope this helps.

ww
Kind of a big deal

At SD-WAN & traffic shaping you can disable the Active-Active AutoVPN.

SmartlinkIT
Conversationalist

I don't see any options under SD-WAN & Traffic shaping for Active-Active Auto VPN.

ww
Kind of a big deal

Hmm, I guess it's part of beta firmware 15.x.

jdsilva
Kind of a big deal

I can see it on 14.39:

image.png

So I'm currently behind, I'm on 13.36. I'll go ahead and update tonight and see if it shows up. 

Make sure you have load balancing disabled. Even with Active/Active VPN enabled, if load balancing is disabled then the second WAN port won't be used unless the primary has failed over ... unless you have defined some performance classes, and the LTE circuit is performing better than your main ISP circuit.

Thank you for the help, updating the firmware gave me the option to disable the Active/Active Auto VPN.
