Two Non-Meraki Tunnel from MX and failover

Tarmahmood1
Getting noticed

Two Non-Meraki Tunnel from MX and failover

Hi,

 

As shown in diagram, I have two MX-85 connected to ISP1 and ISP2. At the moment i have configured MX85(primary) connected to ISP1 and established non-VPN tunnel to CSR1000v1 "CSR1000v1". Now i am going to add MX-85(backup) connected to ISP2 as warm spare. If i add another peer non-meraki tunnel as CSR1000v2, how MX-85 in warm-spare will know it will use second tunnel. What i am thinking is if Primary MX has tunnel to CSR1000v1 after failover of MX(primary), the backup will use the same tunnel(CSR1000v1) not CSR1000v2. Any idea?

 

Note:Both tunnel will have same private subnets.

Tariqmahmood_0-1682324462230.jpeg

Thanks

3 Replies 3
alemabrahao
Kind of a big deal
Kind of a big deal

You need to use the virtual IP.

 

The virtual IP address (VIP) is shared by both the primary and warm spare VPN concentrator. VPN traffic is sent to the VIP rather than the physical IP addresses of the individual concentrators.

 

https://documentation.meraki.com/MX/Deployment_Guides/MX_Warm_Spare_-_High_Availability_Pair#WAN_Vir...

I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.
Tarmahmood1
Getting noticed

@alemabrahao As per my understanding the virtual IP address(VIP), i need to get it from ISPs? or will give any private subnet by my own? Since i am using only only /30 subnet for both ISPs. Can i continue with /30 address i.e using only MX uplink IP for the time being?

alemabrahao
Kind of a big deal
Kind of a big deal

You need at least a /29 as you will need 3 addresses, one for each MX and one more for the VIP. That is, you have to check with your ISP about the possibility of increasing your range (and it certainly must have some cost).

I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.
Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels