We have a virtual Meraki MX device in an AWS VPC, connecting back to our primary office's ASA over an IPSec tunnel.
Our office has a backup fibre line for instances where our primary line goes down, and as such the ASA has two public-facing IP addresses. I can't seem to see a way to configure a backup IP address for the ASA end of the tunnel in the Meraki interface to enable this tunnel to fail over automatically, and I can't simply set up two tunnels because they'll both be routing the same /16 subnet.
Is it possible to configure a failover situation like this so that when our primary line goes down the tunnel will switch over to the failover peer address?
This is an old thread, but I'm now running into the same issue. I disagree with the statement that this is an unusual configuration, since it has been a standard configuration in other Cisco firewalls for as long as I can remember. In an ASA, as an example, you simply configure your phase 2 with something like the following:
crypto map outside-vpn-map 999 set peer 220.127.116.11 18.104.22.168
This really is an important feature for the Meraki if it is going to be a viable replacement for other firewall products. We use a tunnel like this to route traffic through a DLP vendor, and since the Meraki firewall replacement, there is now no fault tolerance in the VPN tunnel on the vendor side.
This kind of thing and the lack of support for IKEv2 in the VPN tunnels are really disappointing for anyone trying to move to Meraki from other more traditional firewall and networking gear.