Meraki Community
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Non-Meraki VPN to Same Private Subnet

Solved
lostinpcaps
Conversationalist
‎Mar 26 2024 5:33 AM
‎Mar 26 2024 5:33 AM

Non-Meraki VPN to Same Private Subnet

I am setting up two site-to-site VPN connections on an MX85 unit. These VPN connnections terminate into AWS using different public IP's but route to the same private IP subnets of 10.20.1.0/24.These two connections are individual tunnels of a 2 tunnel AWS VPN connection. The VPN connections work when only one connection/tunnel is active at a time. When both connections/tunnels are active at the same time traffic stops routing. I believe this is due to the VPN connections routing to the same private subnet of 10.20.1.0/24, and the MX doesn't know which route to send traffic over as it has two routes to the same destination subnet. Checking the routing table in the MX when both connections are active, I do see a green dot next to one of the routes and a plain dash next to the other, in my mind this means that one is active and the second is on standby as failover. The ideal setup is to have one VPN connection be active and the second be a failover in case one tunnel goes down. Does anyone else know if this setup is possible with the MX85? I have read the documentation on site-to-site VPN's but found nothing on this matter. Thank you!

Labels:
0 Kudos
Subscribe
1 Accepted Solution
alemabrahao
Kind of a big deal
Kind of a big deal
‎Mar 26 2024 5:39 AM
‎Mar 26 2024 5:39 AM

It is not possible to have a backup tunnel to AWS, whenever the tunnel becomes unavailable you need to change it manually.
 
The best option is to have a vMX on AWS and use Meraki's auto VPN.
I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.

View solution in original post

Subscribe
5 Replies 5
alemabrahao
Kind of a big deal
Kind of a big deal
‎Mar 26 2024 5:39 AM
‎Mar 26 2024 5:39 AM

It is not possible to have a backup tunnel to AWS, whenever the tunnel becomes unavailable you need to change it manually.
 
The best option is to have a vMX on AWS and use Meraki's auto VPN.
I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.
Subscribe
In response to alemabrahao
lostinpcaps
Conversationalist
‎Mar 26 2024 1:28 PM
‎Mar 26 2024 1:28 PM

Thank you, after doing further research i believe this to be correct and that a vMX would be the best solution for this. Adittionaly i believe i can also disable/remove the second tunnel in AWS. This will remove the redundancy but will stop the alerts we are getting from a tunnel being down.

0 Kudos
Subscribe
In response to lostinpcaps
PhilipDAth
Kind of a big deal
Kind of a big deal
‎Mar 26 2024 2:24 PM
‎Mar 26 2024 2:24 PM

>Adittionaly i believe i can also disable/remove the second tunnel in AWS

 

I have done this and that works.

0 Kudos
Subscribe
PhilipDAth
Kind of a big deal
Kind of a big deal
‎Mar 26 2024 11:00 AM
‎Mar 26 2024 11:00 AM

Using a VMX-S is often a better alternative to using the native Amazon VPN service when using an MX.

https://meraki.cisco.com/product/hybrid-cloud/vmx/vmx-small/ 

Subscribe
Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels
© 2024 Cisco Systems, Inc.