Load sharing over 2 Non-Meraki VPN peers

rwiesmann
A model citizen

Hi all, 

Wondering if someone has experience with Non-Meraki VPN to AWS... I know I could install a vMX and it would be easy.

But my setup uses Non-Meraki VPN.

AWS seems to have the concept of having 2 tunnels. So on the Meraki side I configured 2 Non-Meraki VPN peers.

AWS provides two different public IPs to do so. These tunnels I terminate on the same MX. VPN status is green for both :).

It also works, but I have some points which I do not understand.

On the AWS side it looks like only one tunnel is active. Is this by design?

On the Meraki side I provided the same subnets to be reachable over the 2 tunnels on the AWS side.

Does this automatically mean the traffic will be load shared?

Is it even possible to load share?

One more question is whether I can influence the traffic to use a certain tunnel for a subnet or even for dedicated traffic?

Does anyone have some experience with it? I consulted the Meraki documentation, but did not find any answers on this... or maybe I did not find the right documentation 🙈

rgds

roger

4 Replies
CptnCrnch
Kind of a big deal

rwiesmann
A model citizen

@CptnCrnch thanks a lot. Yes, it helped a bit for sure.

Like the route priority part.

The routing also helped me a bit but is still not 100% clear. See picture:

rwiesmann_0-1621598702485.png

"IP routing will be undefined" leaves a lot of room for interpretation... as it could work but is not clearly defined, or it does not work...

The availability is not an option, as my goal would be to load balance over the two Non-Meraki VPNs.

Thanks a lot.

Guess I need to do some testing on it.

rgds

roger

 

CptnCrnch
Kind of a big deal

From my point of view, „undefined“ simply means that the first packet will be sent out via tunnel 1, second packet via tunnel 2 and so on. This would be unwanted in many other environments, but exactly what you're trying to achieve.

At least that'd be logical, I've never tried it though. Please keep us posted when you're trying it @rwiesmann.👍

rwiesmann
A model citizen

Well, we should be able to do some tests quite soon. @CptnCrnch thanks for your feedback, and I will try to give feedback here.
