Set WAN2 as default IP for dynamic-m.com

swy
Conversationalist

Set WAN2 as default IP for dynamic-m.com

Hi all,

 

Is there any way to influence the dynamic-m.com aliases?  My client VPN config points them at the default hostname.
That hostname defaults to WAN1 interface.
That’s not bad… but for some “poor man load balancing and traffic shaping” goals, I’d like to have WAN2 be the endpoint for VPN connections.
I could redo the configuration to the -2.dynamic-m.com address, but that will sacrifice redundancy in the event that WAN2 is lost, so I don’t love that idea.

4 Replies 4
KarstenI
Kind of a big deal
Kind of a big deal

IMO the only way to achieve this is to configure WAN2 as primary and set a flow preference to WAN1 for your general traffic.

If you found this post helpful, please give it Kudos. If my answer solves your problem, please click Accept as Solution so others can benefit from it.
swy
Conversationalist

Hm.  Interesting workaround.  Another idea I received is Route53+ health checks, where you config endpoints to use vpn.company.com and Route53 defines what dynamic-m endpoint gets used.  Kinda nifty if you're already a Route53 customer, not a path I'll be digging into.

 

 

KarstenI
Kind of a big deal
Kind of a big deal

Have you tested this? As far as I know the MX doesn't terminate RA-VPNs on the non-primary WAN. And the vpn.company.com solution will give you a certificate error when using the self-enrolled certificate.

If you found this post helpful, please give it Kudos. If my answer solves your problem, please click Accept as Solution so others can benefit from it.
swy
Conversationalist

Untested- idea received in another forum, results not validated.

Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels