Solved! Go to solution.
Hello @KSM, as @GIdenJoe has indicated, the MX has a failover process when there are two different WAN links available. So, an IPSec VPN connection is not necessary. You can find information about the failover behavior in the link below.
https://documentation.meraki.com/MX/Site-to-site_VPN/Site-to-Site_VPN_Failover_Behavior
Adopting the approach https://documentation.meraki.com/MX/Site-to-site_VPN/Tag-Based_IPsec_VPN_Failover should help you out here. The only difference is that this is based on two 3rd party S2S connections.
Thank you so much for your response.!!
You are talking about auto VPN between an MX and a vMX. That means you can just choose 1 WAN or concurrently both WAN's. You don't need to do anything. That means you don't need an IPsec VPN as backup since the autoVPN is already redundant via your both WAN's.
Thank you so much for your response.!
Hello @KSM, as @GIdenJoe has indicated, the MX has a failover process when there are two different WAN links available. So, an IPSec VPN connection is not necessary. You can find information about the failover behavior in the link below.
https://documentation.meraki.com/MX/Site-to-site_VPN/Site-to-Site_VPN_Failover_Behavior
WAN port 1 connects with AUTO VPN between MX95 and vMX.
WAN port 2 is an IPSEC connection between MX95 and AWS.
If WAN 1 goes down, WAN 2 automatically takes over.
Is this possible?
And as an additional question, if I only use WAN 1, will it work if I use AUTO VPN and IPSEC at the same time?
>If WAN 1 goes down, can I IPSEC with AWS VPC GW on WAN 2 to create a redundant configuration?
No, you can't do failover between a VMX and an AWS VPC VPN. As others have said, the VMX and the MX95 will fail over automatically between the links.
Thank you so much for your response.