MX84 redundant links and VPN issues

Chris_Schott
Comes here often

MX84 redundant links and VPN issues

Hi,

In a new role at a MSP and one of their clients is using a Meraki MX84.

It has 2 Internet links and they are complaining about performance as the primary link is set as an older 10Mbps/10 link.

The second link is 100/40 link.

The outgoing engineer has advised that they attempted to set the secondary link as the primary and all of the VPN connections that were setup on the primary link IP address failed.

 

The setup they have is: 1 x MX84

Primary Link - 10/10Mbps - IP xxx.xxx.xxx.xxx (Public IP static)

Secondary - 100/40Mbps - IP yyy.yyy.yyy.yyy (I don't know these IPs yet)

 

VPN with hardcoded IPs to xxx.xxx.xxx.xxx

 

We want all internet traffic to go through the secondary link to speed things up and dedicate the primary to VPN traffic. If Secondary link goes down, they want all traffic to be pushed through the primary.

a: Is this possible?

b: How do I set this up?

I'm not a Meraki specialist but am a jack of all trades IT generalist.

Thanks in Advance.

Chris.

 

4 REPLIES 4
PhilipDAth
Kind of a big deal
Kind of a big deal

Configure a flow preference for Internet traffic, and specify that everything ("Any") is to go out the new WAN interface.

https://documentation.meraki.com/MX/Firewall_and_Traffic_Shaping/MX_Load_Balancing_and_Flow_Preferen... 

Hi Phillip,

Sorry for the delay, it's been busy around here and I'm still finding my feet at the new role.

 

I have created Flow preferences as below:

Chris_Schott_0-1593667435985.png

 

and want to confirm that this will work before I save it.

The client's VPNs are setup on port 500 and a time management server is setup on 192.168.20.10.

From what I understand, this config should allow the VPNs to run only on WAN1, with the time server on WAN1 as well.

Everything else should go through WAN2.

Is this right?

Thanks in advance for your help.

 

What kind of VPN traffic is this, AutoVPN, client VPN or non-Meraki VPN.

It's non-Meraki VPN. It's basic Windows VPN configured to an Host name.

I'm going to log into the host, change the records to point from the slow link to the fast link before setting the primary upload link to WAN 2.

 

Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels