Send Internet Traffic Over WAN 2 Link

Solved
PaintTheNight
Here to help


We have 2 separate internet links on WAN 1 and WAN 2. We're using Site-to-Site VPN for internal traffic.

I want to send all internal traffic over WAN 1 and Internet traffic over WAN 2.

I'm guessing I need to do this in "Security & SD-WAN -> SD-WAN & traffic shaping" but I can't figure out if I want to do this under the "flow preferences / internet traffic" section or the "VPN Traffic" section. 

1 Accepted Solution
Bruce
Kind of a big deal

@PaintTheNight, couple of steps. First make sure Load Balancing is disabled, make sure your primary uplink is set to WAN1, then set Internet Flow Preferences that match the source IP address(es) of your internal subnets and a destination of Any to use WAN2. Since the primary uplink is set to WAN1 this will be used as a preference, but all internet-bound traffic that matches the Internet Flow Preferences will be routed over WAN2.

You could also approach this the other way round too. Set the primary uplink to WAN2, and then set an SD-WAN policy for VPN traffic with a filter of Any protocol, Any source, and Any destination to use WAN1 and failover if the uplink is down. This way the internet traffic will follow the primary uplink (i.e. WAN2) and the SD-WAN/VPN traffic will follow the policy you define.

Either way should work.

PaintTheNight
Here to help

Thanks for the reply @Bruce! Appreciate it.

I'm still a little confused. Let's say I have 2 flows:

172.20.20.20 -> 8.8.8.8 (want to push over WAN 2)

172.20.20.20 -> 172.21.21.21 (want to push over WAN 1)

[Image: Traffic_Method1.JPG]

Won't the above configuration push all traffic over WAN 2 or have I misunderstood your configuration setup?

ww
Kind of a big deal

No.

Traffic in your AutoVPN is not internet-bound traffic.

The VPN will only use your primary uplink if load balancing is disabled and you don't have any flow preferences for VPN traffic.

https://documentation.meraki.com/MX/Firewall_and_Traffic_Shaping/MX_Load_Balancing_and_Flow_Preferen...
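
The uplink choice discussed in this thread, as a simplified Python model added here (not Meraki code and not part of any post). It covers only the case with load balancing disabled and both uplinks up; the /24 subnets and the `choose_uplink` and `uplinks_for` helpers are assumptions built around the two flows from the question.

```python
import ipaddress

def choose_uplink(src, dst, *, primary, vpn_subnets, internet_prefs=(), vpn_prefs=()):
    """Pick the uplink for one flow (load balancing off, both uplinks up).

    Each preference is (source_cidr, destination_cidr, uplink); "any" matches all.
    """
    src_ip, dst_ip = ipaddress.ip_address(src), ipaddress.ip_address(dst)

    def matches(cidr, ip):
        return cidr.lower() == "any" or ip in ipaddress.ip_network(cidr)

    # A destination inside a remote site-to-site VPN subnet is VPN traffic and is
    # only compared against VPN preferences, never the internet ones.
    is_vpn = any(dst_ip in ipaddress.ip_network(net) for net in vpn_subnets)
    for src_cidr, dst_cidr, uplink in (vpn_prefs if is_vpn else internet_prefs):
        if matches(src_cidr, src_ip) and matches(dst_cidr, dst_ip):
            return uplink
    return primary  # no preference matched: follow the primary uplink

# Constructed sample values: the thread gives only the host addresses.
REMOTE_VPN_SUBNETS = ["172.21.21.0/24"]

# Approach 1: primary WAN1, internet flow preference sends internal sources to WAN2.
METHOD_1 = dict(primary="WAN1", vpn_subnets=REMOTE_VPN_SUBNETS,
                internet_prefs=[("172.20.20.0/24", "any", "WAN2")])

# Approach 2: primary WAN2, VPN preference (any source, any destination) uses WAN1.
METHOD_2 = dict(primary="WAN2", vpn_subnets=REMOTE_VPN_SUBNETS,
                vpn_prefs=[("any", "any", "WAN1")])

FLOWS = [("172.20.20.20", "8.8.8.8"), ("172.20.20.20", "172.21.21.21")]

def uplinks_for(config):
    """Return {(src, dst): uplink} for the two flows from the question."""
    return {flow: choose_uplink(*flow, **config) for flow in FLOWS}

if __name__ == "__main__":
    for name, cfg in (("approach 1", METHOD_1), ("approach 2", METHOD_2)):
        for (src, dst), uplink in uplinks_for(cfg).items():
            print(f"{name}: {src} -> {dst} uses {uplink}")
```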