Meraki

Community

MX64 Route specific traffic though WAN2

Gus3
New here
‎Oct 30 2022 10:25 AM
‎Oct 30 2022 10:25 AM

MX64 Route specific traffic though WAN2

This is a test environment before I try it on the customers production MX64.
I have 2 Internet feeds. WAN1 is configured with one Internet provider and Port 4/WAN2 is configure with another Internet provider. I want all traffic to go out WAN1 unless it's destination is a certain IP address. I cannot seem to get this to work.

Labels:
0 Kudos
5 Replies 5
ww
Kind of a big deal
Kind of a big deal
‎Oct 30 2022 10:42 AM
‎Oct 30 2022 10:42 AM

You are talking about internet traffic outside the vpn?

 

Wan1 is primary? And load balancing disabled?

 

https://documentation.meraki.com/MX/Firewall_and_Traffic_Shaping/MX_Load_Balancing_and_Flow_Preferen...

 

 

https://documentation.meraki.com/MX/Firewall_and_Traffic_Shaping/MX_Load_Balancing_and_Flow_Preferen...

 

Can you share your rule? And how did you verify its not working?

0 Kudos
In response to ww
Gus3
New here
‎Oct 30 2022 11:08 AM
‎Oct 30 2022 11:08 AM

WAN1 is primary, LB is disabled.  I want all traffic going out WAN1 unless it's destination is 

10.64.2.xxx, a single, no-changing IP destination.
 
My rule look s like this
 
Protocol     Source    Src Port     Destination            DST Port      Preferred Uplink
Any               Any          Any         10.64.2.xxx/32       Any                 WAN2
 
A tracert shows routing through WAN1.  In addition, the destination will only accept traffic for my WAN2 IP.  And my attempt to connect to the destination fails.  I can assign the Static IP of the WAN2 connection to a laptop and the connect works.
 
 
0 Kudos
In response to Gus3
alemabrahao
Kind of a big deal
Kind of a big deal
‎Oct 30 2022 11:45 AM
‎Oct 30 2022 11:45 AM

Tracert is not a valid test, is based on ICMP, Look at this information:

 

Note: ICMP traffic is not subject to traffic shaping rules. As a result, Flow Preference will have no impact on ICMP traffic.

 

So if WAN1 is defined as the primary uplink tracert will go for WAN1. You can change your primary uplink for WAN 2.

 

alemabrahao_0-1667155508190.png

 

I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.
0 Kudos
In response to Gus3
ww
Kind of a big deal
Kind of a big deal
‎Oct 30 2022 11:51 AM
‎Oct 30 2022 11:51 AM

Wan2 is a mpls? 10.x is not a internet address.

 

Or is it a destination in your autovpn?

0 Kudos
In response to Gus3
alemabrahao
Kind of a big deal
Kind of a big deal
‎Oct 30 2022 12:00 PM
‎Oct 30 2022 12:00 PM

But, just an observation, It's a rule for Internet traffic, for VPN you should have to create an SD-WAN policy:

 

alemabrahao_0-1667156252779.png

 

I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.
0 Kudos
Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels
© 2024 Cisco Systems, Inc.