How to check number of VPN tunnels from a remote site to a hub.

Comes here often

How to check number of VPN tunnels from a remote site to a hub.

I have a remote site with 2 uplinks.

I have Active-Active AutoVPN enabled in SDWAN and Traffic-Shaping.

Loadbalancing is disabled

And I have configured 2 Hubs for this site to connect to.


Does this setting maintains 4 VPN tunnels or 2 from the remote site? And where do i get this information on the dashboard? 

Kind of a big deal

  1. MX1 and MX2 are part of the same organization. MX1 and MX2 are configured to participate in Auto VPN. Both MX1 and MX2 send a Register Request message to their VPN registry in order to share their own contact information, and to get the contact information of the peer MX(s) that it should form a VPN tunnel with. The Register Request message contains the IP address and the UDP port that the MX communicates on, and the MX requests the contact information of its peer MX(s).
  2. VPN registries send the Register Response messages to the MXs with the contact information of the peers the MXs should establish a tunnel with. 
  3. Once the information is shared with the MX about its peers, a VPN tunnel is formed MX to MX. The Meraki cloud already knows the subnet information for each MX, and now the IP addresses to use for tunnel creation. The cloud pushes a key to the MXs in their configuration which is used to establish an AES encrypted IPsec-like tunnel. Local subnets specified by dashboard admins are exported/shared across VPN. During this process, VPN routes are pushed from the dashboard to the MXs. Finally, the dashboard will dynamically push VPN peer information (e.g., exported subnets,  tunnel IP information) to each MX. Every MX stores this information in a separate routing table.




Kind of a big deal

Yes you will have 4 Tunnels.


You can also see the tunnels in Security Appliance -> VPN Status


In this documentation you will learn the formulas to calculate the number of tunnels formed per configuration :

Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.