Meraki

Community

VPN and Warm Spare

ylutigneaux
New here
‎Oct 6 2023 5:10 AM
‎Oct 6 2023 5:10 AM

VPN and Warm Spare

Hello !

 

I have configured a VPN site to site between à MX105 and a MX68. It's working great. 

 

I have tried to hade a second MX68 to do a warm spare. The warms spare is working great for Internet connection. I have only one internet connection, the both MX68 are connected by a switch to the conenction internet

 

But When i do a swap between my primary to my slave, the VPN connection is lost and don't restart even a long time. 

 

I tried with Virtual IP adresse in warm configuration and without but it's the same problem. 

 

Have you any idea of the problem ? 

 

Have a nice day,

Yoann

Labels:
0 Kudos
4 Replies 4
KarstenI
Kind of a big deal
Kind of a big deal
‎Oct 6 2023 5:35 AM
‎Oct 6 2023 5:35 AM

Do both of your MX68 have a public IP? I've seen ISPs where the first device got the public IP from a /30 but the second only a private IP from a DHCP pool. This could break VPN connectivity.

And are you talking about AutoVPN or a manual IPsec config?

If you found this post helpful, please give it Kudos. If my answer solves your problem, please click Accept as Solution so others can benefit from it.
0 Kudos
In response to KarstenI
ylutigneaux
New here
‎Oct 6 2023 5:59 AM
‎Oct 6 2023 5:59 AM

Hi Karstenl,

 

In fact i could identfy that the main problem come from Cellular connection. When i get out the SIM Card from my first Meraki it's working great. 

 

I have made an AutoVPN configuration. 

 

I am searching for some info on cellular conenction. I break my Warm spare to test with only one MX. I am able to get a VPN connection without SIM Card but not when i have SIM Card and Wan connected... 

0 Kudos
ylutigneaux
New here
‎Oct 6 2023 6:13 AM
‎Oct 6 2023 6:13 AM

I Think i got it... I activate this "Do not create VPN tunnels over the secondary uplink unless the primary uplink fails." in SD-Wan configuration.

 

To my minf, MX is unable to connect VPN between the Cellular and Wan connection at the same time. So with this option, i activate Tunnel on cellular only when WAN1 come down. 

 

Now it's working as i want. 

 

Thanks for help 

In response to ylutigneaux
KarstenI
Kind of a big deal
Kind of a big deal
‎Oct 6 2023 6:25 AM
‎Oct 6 2023 6:25 AM

👍

If you found this post helpful, please give it Kudos. If my answer solves your problem, please click Accept as Solution so others can benefit from it.
0 Kudos
Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels
© 2024 Cisco Systems, Inc.