Redundant VPN Connection

dwoodcuwcd
New here

I have 7 Merakis and 1 non-Meraki device that have VPN connections to each other. The non-Meraki device is a Cisco FTD. I have recently lost my fiber connection several times at the Cisco FTD, but I have redundant internet connections with a different IP. Is there a way to set up a secondary or redundant VPN connection on a Meraki device, such that if my main VPN connection to the Cisco FTD goes down, it creates a new VPN connection using my secondary internet connection?


Thank you.

GIdenJoe
Kind of a big deal

Your Meraki will do that automatically.
If your primary selected WAN is down it will try to form a VPN over the other one.
However, in that case you must have a configuration on the FTD side that can enable the VPN that way. I don't really know if that is an easy task though.

I believe in old ASA code you could just use another tunnel-group and have your crypto map statements changed. However, this needs to be manually entered or somehow scripted to change your config when it happens.

mavked
Conversationalist

If the MX does automatically use WAN2 when WAN1 goes down and you are connected to either a Cisco ASA or FTD, you can simply configure the tunnel on the ASA/FTD twice.

If WAN2 does not answer to the ASA/FTD as long as WAN1 is working, only one tunnel is UP at a time.

You can set up a second tunnel in ASA/FTD as long as the destination public IP of the tunnel is different. The SA of the tunnel can be the same.

dwoodcuwcd
New here

Thank you. I realized maybe I'm asking the wrong question. Thank you for the answers.

What I meant to ask:

If my "non-Meraki peer" loses connection, can it bring up a VPN on a different IP to that same non-Meraki peer automatically? And I believe that is not going to be possible. I'm looking into getting a DNS switcher so that it points to the other address in the event that the non-Meraki peer's primary WAN goes out; it can just point to the secondary WAN via DNS.

Anyways. Thank you for the responses.
