Hi all,
I've been working to assist in deploying a Meraki SD-WAN solution for a company, had a lot of success with SD-WAN working with previous companies but running into a new issue currently and would love some advice/recommendations if possible.
Company currently has MPLS connection and wants to add a direct internet access circuit and leverage the MX SD-WAN capability.
The plan was to have Internet bound traffic out the interface for direct internet access, MPLS/Datacenter traffic out that interface as a simple way to start.
When the DIA circuit fails or goes down, the traffic should all transit the MPLS circuit until it is restored.
An additional requirement was later added to require all internet bound traffic to connect out to a security service like Prisma/Umbrella via a VPN tunnel to be inspected first, then out to the internet.
This would require some basic routing to tell traffic where to go(mainly the datacenter>MPLS traffic), and a default route pointing to the third party VPN on the Meraki, to force that traffic through the tunnel to the security provider.
The issue we are running in to seems to be related to how the traffic would fail over when the DIA uplink goes down.
From what we've been told by our Cisco Meraki resources is that the Meraki would not automatically fail that default route/traffic over to the MPLS uplink automatically, as it is pointed out a third party VPN tunnel.
We were told that we would have to leverage an API to implement a IP SLA in order to automatically fail over the traffic.
Would love to know if anyone else has run into this and has any recommendations or ideas?
Is this a realistic solution? I don't think our team currently has the API skills necessary to implement this unless there is a step by step for creation/maintenance.
Any insight or advice would be greatly apprecaited!
Thanks!