cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Disable Active/Active Auto VPN over Wan 2

SOLVED
Highlighted
Conversationalist

Disable Active/Active Auto VPN over Wan 2

Hello,

 

I recently started with a new company as a Sys Admin, their Network Admin just left. They have been having some issues with their fail-over connection using too much data and have ask me to look  into it. 

 

At my office we have an MX84. Wan 1 is configured with a Comcast fiber connection, Wan 2 is a Verizon LTE connection via a Cradlepoint Router in pass-through Mode. I have the MX84 configured to use WAN 1 for the primary and only to use WAN2 in the event of a fail-over. 

 

VPN Topogrophy: We have 10 other offices and 1 data center, the satellite offices are all using MX84's as well and are connected via VPN utilizing Meraki Mesh. The Data Center is using a ASA 5545, it has IKE V1 connections to all of the MX 84's including my office. 

 

The issue we are having is that even though there hasn't been a fail-over, we are still consuming 18GB of LTE data a month and incurring overages with Verizon (the plan the company had was to pay for the 1GB per month plan and upgrade to a larger data package if needed in the event of a failover). I would argue to just keep the higher plan, but those decisions aren't left to me and here we are. I believe that its the Active/Active Auto VPN that is causing the excess data usage, but I can't figure out how to disable it for WAN 2. 

 

Any help or information would be greatly appreciated. 

 

Best Regards,

SML I.T. 

 

1 ACCEPTED SOLUTION

Accepted Solutions
Highlighted
Kind of a big deal

Re: Disable Active/Active Auto VPN over Wan 2

8 REPLIES 8
Highlighted
Kind of a big deal

Re: Disable Active/Active Auto VPN over Wan 2

Highlighted
Kind of a big deal
Kind of a big deal

Re: Disable Active/Active Auto VPN over Wan 2

at SD-WAN & traffic shaping you can disable the Active-Active AutoVPN

Highlighted
Conversationalist

Re: Disable Active/Active Auto VPN over Wan 2

I don't see any options under SD-WAN & Traffic shaping for Active-Active Auto VPN.

Highlighted
Kind of a big deal
Kind of a big deal

Re: Disable Active/Active Auto VPN over Wan 2

Hmm i guess its part of beta firmware 15.x

Highlighted
Kind of a big deal

Re: Disable Active/Active Auto VPN over Wan 2

Highlighted
Conversationalist

Re: Disable Active/Active Auto VPN over Wan 2

So I'm currently behind, I'm on 13.36. I'll go ahead and update tonight and see if it shows up. 

Highlighted
Kind of a big deal

Re: Disable Active/Active Auto VPN over Wan 2

Make sure you have load balancing disabled.  Even with Active/Active VPN enable, if load balancing is disabled then the second WAN port wont be used unless the primary has failed over ... unless you have defined some performance classes, and the LTE circuit is performing better than your main ISP circuit.

Highlighted
Conversationalist

Re: Disable Active/Active Auto VPN over Wan 2

Thank you for the help, updateing the firmware gave me the option to disable the Active/Active Auto VPN. 

Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.