I recently started with a new company as a Sys Admin, their Network Admin just left. They have been having some issues with their fail-over connection using too much data and have ask me to look into it.
At my office we have an MX84. Wan 1 is configured with a Comcast fiber connection, Wan 2 is a Verizon LTE connection via a Cradlepoint Router in pass-through Mode. I have the MX84 configured to use WAN 1 for the primary and only to use WAN2 in the event of a fail-over.
VPN Topogrophy: We have 10 other offices and 1 data center, the satellite offices are all using MX84's as well and are connected via VPN utilizing Meraki Mesh. The Data Center is using a ASA 5545, it has IKE V1 connections to all of the MX 84's including my office.
The issue we are having is that even though there hasn't been a fail-over, we are still consuming 18GB of LTE data a month and incurring overages with Verizon (the plan the company had was to pay for the 1GB per month plan and upgrade to a larger data package if needed in the event of a failover). I would argue to just keep the higher plan, but those decisions aren't left to me and here we are. I believe that its the Active/Active Auto VPN that is causing the excess data usage, but I can't figure out how to disable it for WAN 2.
Any help or information would be greatly appreciated.
Solved! Go to Solution.
There is a sort of similar thread that @NolanHerring resolved:
Hope this helps.
Make sure you have load balancing disabled. Even with Active/Active VPN enable, if load balancing is disabled then the second WAN port wont be used unless the primary has failed over ... unless you have defined some performance classes, and the LTE circuit is performing better than your main ISP circuit.
Thank you for the help, updateing the firmware gave me the option to disable the Active/Active Auto VPN.