Meraki

Community

Email alerts for VPN Connectivity Changed - need to know which WAN port

Solved
Brian_Scheele
Here to help
‎Jan 19 2024 6:51 AM
‎Jan 19 2024 6:51 AM

Email alerts for VPN Connectivity Changed - need to know which WAN port

Many of our offices use Comcast copper for primary Internet connectivity and use their Connection Pro, which is a cellular backup modem.  WAN1 from the MX plugs into the coper modem, WAN2 into the cellular backup.  We do not have connectivity between the two modems, otherwise we would have no visibility to failover events.

 

One of our sites barely has a strong enough 4G signal - about 10 Mbps with low jitter, but connectivity apparently drops several times per day, long enough to cause the site-to-site VPN connection to go down.

 

It would be nice if Meraki could at least include the public IP addresses involved in the connection, or the WAN port, or both, so that Outlook inbox rules can be created to ignore some of these alerts.  I only care if the connection goes down if it happens while I am in a failover.

 

I could for this one particular network just not use WAN2 and have the copper modem connected to the cellular modem like Comcast suggests.  The only way we would know of a failover event is if someone at the remote office complains about bandwidth or maybe there is another alert about a site-to-site route change.

 

Or, if someone has a better idea, I would be open to some suggestions.  I doubt there is some magic setting that just keeps the tunnel open when a connection is down for several minutes.  DNS has to happen across the tunnel, so even if I could turn off the VPN for WAN2, it would not be too helpful.

 

2024-01-19 09_48_51-Clipboard.png

Labels:
1 Accepted Solution
Brian_Scheele
Here to help
‎Jan 22 2024 5:25 AM
‎Jan 22 2024 5:25 AM

I ended up taking WAN2 offline on the MX84 at the site.  The alerts were coming from both sides of the site to site VPN connection - office and both datacenters.  Turning off alerts at the office to instead use 3rd party software would not solve receiving alerts from the datacenters, unless we also went third-party with those, too.

 

The ideal solution would be for Meraki to provide some granularity in the details provided in the reports.

 

Instead, the path from inside to the Internet is:
MX84 Port 1 > Comcast Modem < > Cradlepoint Modem (cellular)

 

Thanks everyone for the suggestions!  Zabbix will probably be something we end up using, but we can decide later if it also makes sense as a solution that includes WAN2 plugged into the Cradlepoint.

View solution in original post

0 Kudos
10 Replies 10
alemabrahao
Kind of a big deal
Kind of a big deal
‎Jan 19 2024 7:37 AM
‎Jan 19 2024 7:37 AM

Why don't you monitor the WAN ports instead of the VPN connection?

I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.
0 Kudos
In response to alemabrahao
alemabrahao
Kind of a big deal
Kind of a big deal
‎Jan 19 2024 7:39 AM
‎Jan 19 2024 7:39 AM

Oh, I know that the dashboard doesn't send WAN2 alerts but you can monitor it with a third-party tool like Zabbix.

I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.
0 Kudos
In response to alemabrahao
Brian_Scheele
Here to help
‎Jan 19 2024 7:57 AM
‎Jan 19 2024 7:57 AM

I would have to turn off my alerts to use something 3rd party to alert for WAN1 and VPN connectivity.  That probably would not be the best idea - we have over 300 sites monitored and only a handful that make use of WAN2 for cellular backup. If we did disable the alerts from the Meraki side, we would want our SEIM to provide the alerts in its place, provided the SEIM can differentiate between WAN1 and WAN2, and have some way for the datacenter side to know it was just a backup connection going down.

 

Seems the best fix would be if Meraki just added more detail in the email alerts.

 

0 Kudos
In response to Brian_Scheele
alemabrahao
Kind of a big deal
Kind of a big deal
‎Jan 19 2024 8:01 AM
‎Jan 19 2024 8:01 AM

It would actually be the solution to make less work for you.
 
Jokes aside, today we monitor more than 700 sites via Zabbix (we even have integration with Power BI to generate reports) and it serves us very well.
 
Keep an open mind about the subject.
I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.
In response to alemabrahao
Brian_Scheele
Here to help
‎Jan 19 2024 7:52 AM
‎Jan 19 2024 7:52 AM

On one side of the VPN connection, we have our datacenters.  That needs to be monitored and alerted.

0 Kudos
In response to Brian_Scheele
alemabrahao
Kind of a big deal
Kind of a big deal
‎Jan 19 2024 7:55 AM
‎Jan 19 2024 7:55 AM

Ok, but what prevents monitoring the data center side via Zabbix?
 
If you can get a basic topology it might be easier to understand and suggest something.
I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.
0 Kudos
In response to alemabrahao
Brian_Scheele
Here to help
‎Jan 19 2024 8:21 AM
‎Jan 19 2024 8:21 AM

I'll have to give a serious look into Zabbix.  Not sure I can sell it as the solution, but I can see this being useful for some other things, and as a replacement for something we currently pay for that monitors servers and the non-Meraki hardware we have in place.  Quick fix is probably just going to be to move the patch cable connecting WAN2 to cellular to be cellular to copper modem.

0 Kudos
In response to Brian_Scheele
alemabrahao
Kind of a big deal
Kind of a big deal
‎Jan 19 2024 8:29 AM
‎Jan 19 2024 8:29 AM

When you have free time, take a look at this.

 

https://apps.meraki.io/en-US/apps/412728/zabbix#overview

I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.
0 Kudos
mlefebvre
Building a reputation
‎Jan 19 2024 12:44 PM
‎Jan 19 2024 12:44 PM

Insight will give you alerts for WAN2, you could purchase one license just for this trouble site. Or, run a Python API script somewhere to generate a custom alert for this site for you.

0 Kudos
Brian_Scheele
Here to help
‎Jan 22 2024 5:25 AM
‎Jan 22 2024 5:25 AM

I ended up taking WAN2 offline on the MX84 at the site.  The alerts were coming from both sides of the site to site VPN connection - office and both datacenters.  Turning off alerts at the office to instead use 3rd party software would not solve receiving alerts from the datacenters, unless we also went third-party with those, too.

 

The ideal solution would be for Meraki to provide some granularity in the details provided in the reports.

 

Instead, the path from inside to the Internet is:
MX84 Port 1 > Comcast Modem < > Cradlepoint Modem (cellular)

 

Thanks everyone for the suggestions!  Zabbix will probably be something we end up using, but we can decide later if it also makes sense as a solution that includes WAN2 plugged into the Cradlepoint.

0 Kudos
Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels
© 2024 Cisco Systems, Inc.