Meraki

swy · ‎Jul 20 2022

Hi all,

Is there any way to influence the dynamic-m.com aliases? My client VPN config points them at the default hostname.
That hostname defaults to WAN1 interface.
That’s not bad… but for some “poor man load balancing and traffic shaping” goals, I’d like to have WAN2 be the endpoint for VPN connections.
I could redo the configuration to the -2.dynamic-m.com address, but that will sacrifice redundancy in the event that WAN2 is lost, so I don’t love that idea.

KarstenI · ‎Jul 20 2022

IMO the only way to achieve this is to configure WAN2 as primary and set a flow preference to WAN1 for your general traffic.

If you found this post helpful, please give it Kudos. If my answer solves your problem, please click Accept as Solution so others can benefit from it.

swy · ‎Jul 20 2022

Hm. Interesting workaround. Another idea I received is Route53+ health checks, where you config endpoints to use vpn.company.com and Route53 defines what dynamic-m endpoint gets used. Kinda nifty if you're already a Route53 customer, not a path I'll be digging into.

KarstenI · ‎Jul 20 2022

Have you tested this? As far as I know the MX doesn't terminate RA-VPNs on the non-primary WAN. And the vpn.company.com solution will give you a certificate error when using the self-enrolled certificate.

If you found this post helpful, please give it Kudos. If my answer solves your problem, please click Accept as Solution so others can benefit from it.

swy · ‎Jul 20 2022

Untested- idea received in another forum, results not validated.

Meraki

Community

Set WAN2 as default IP for dynamic-m.com

Set WAN2 as default IP for dynamic-m.com