Non Meraki VPN Peers

JED2021
Getting noticed


I am in the process of setting up the second tunnel to GCP

The first Tunnel is currently working on WAN1

The second Tunnel from GCP points to my WAN 2

 

Has anyone run redundant tunnels to a cloud provider?

 

Is there a way to disable a tunnel to verify if redundancy works?

 

How would you verify tunnel operation?

KarstenI
Kind of a big deal

I am not aware how to get this working as the external VPNs are always terminated on the primary WAN (or the secondary WAN if the primary fails).

The way to go is to set up a vMX in GCP and integrate it into AutoVPN. There you have the full SD-WAN flexibility.

GCP will initiate phase 1 and phase 2 to WAN 2

KarstenI
Kind of a big deal

There is no Phase1, Phase2 in AutoVPN. It's just an option to choose if and how you would like to load balance your traffic over WAN1 and WAN2.

I can see GCP initiating on WAN 2.

It is failing since it is not configured yet.

 

The question is: how do you disable a tunnel?

KarstenI
Kind of a big deal


@JED2021 wrote:

I can see GCP initiating on WAN 2.


This is because you configured the cloud gateway that way.

 


@JED2021 wrote:

It is failing since it is not configured yet.

 

The question is: how do you disable a tunnel?


Remove the first tunnel config.

 

And again: You won't be happy with Extranet-VPNs on the MX if it has to be slightly more complex.

ww
Kind of a big deal

You can disable WAN1, or set WAN2 as the primary uplink (on the traffic shaping settings page).

KarstenI
Kind of a big deal

But this is doing more than disabling the VPN on WAN1 as it shifts the full VPN functionality to WAN2. It will show the working VPN on WAN1 but not that both VPNs could operate.

Or, @JED2021, is that all that you want? Just a backup-tunnel and no simultaneous tunnels? I think I misinterpreted your whole post at the beginning.
