Trouble Shooting VPN Tunnel on a MX65 with multi WAN Connections

Takongs
Conversationalist

Trouble Shooting VPN Tunnel on a MX65 with multi WAN Connections

Looking for some help trouble shooting an issue at a location with 2 ISP connected to a MX 65. One connection WAN 2 is 500m Symmetrical and the other WAN 1 is 5M Symmetrical.   My primary link is set to WAN 2 and all of my locations VPN tunnels and outside internet traffic are using that link but the site to site VPN tunnel going to my DC it is using WAN 1 and I cant figure out why. Is there a good way in the dashboard to understand why it is taking WAN 1 when the performance stats are so much worse it all most treating it like WAN 2 link is down and force the VPN traffic to use WAN 1 which is causing performance issues. This all start happing around 1 AM this morning it was working fine before that.  

3 Replies 3
Ryan_Miles
Meraki Employee
Meraki Employee

Have you tested taking down WAN 1 to verify the tunnel is up at all on WAN 2? Sounds like it might not actually be up.

 

Is your DC also a Meraki MX or non Meraki VPN peer? If Meraki MX at DC is it in NAT routed mode at the edge or Concentrator mode behind a firewall?

Ryan / Meraki SE

If you found this post helpful, please give it Kudos. If my answer solved your problem click Accept as Solution so others can benefit from it.

As soon as I take WAN 1 down I loose communication to the DC. The DC is a Meraki MX 100 and it is sitting behind a firewall not sure how to tell what mode it is to be 100% with you but I will lookDC-2-Meraki Dashboard.png. This morning around 1am it just looks like the tunnel for WAN 2 drops off in the attached picture below.

Takongs
Conversationalist

Remotely rebooted the MX 65 again late last night and the tunnel back back up it looks like running some more test this morning to confirm. Its weird that the reboots I tried before that did nothing for it but that one did. 

Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels