VPN client only works on WAN1

Luana
Comes here often

We configured failover, and when WAN1 goes down, WAN2 doesn't work on the VPN client, even when using DDNS in the VPN configuration.

6 Replies
alemabrahao
Kind of a big deal

If you have both WANs activated, the VPN client will only work for the WAN that you have configured as primary, not for both at the same time, because in case of failure, the working WAN will take over.

I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.
Luana
Comes here often

Hi, 🙂 but the problem is that when WAN1 fails, WAN2 becomes the primary connection, and the VPN client doesn't work. It only starts working again when WAN1 re-establishes the connection.

Mloraditch
Kind of a big deal

Is the DDNS updating? If not, contact support.

If the DDNS is updating, there could be some sort of ISP issue, especially if you are using the older Client VPN. What is your secondary ISP? Do you have public IPs from them?

If you found this post helpful, please give it Kudos. If my answer solves your problem please click Accept as Solution so others can benefit from it.
alemabrahao
Kind of a big deal

But the client has to disconnect and connect again to re-establish the connection. Did you try that test?

PhilipDAth
Kind of a big deal

When WAN1 fails, the appliance will send a DDNS update so that the DNS entry points to the IP address of WAN2. The DNS update can take up to 10 minutes. Typically it takes around 5 minutes.

GIdenJoe
Kind of a big deal

Indeed, only the primary configured WAN is listening for the Client VPN sessions.
It does take some time for the DDNS to update.

You can, however, test how long it takes for you to get the other IP address by doing an nslookup.
You can also test the absolute WAN addresses by checking dynamicname-1 or dynamicname-2.dynamic-m.com
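Added example, not part of any reply in this thread: a small Python script that automates the nslookup test described above by polling the main DDNS name and comparing it with the two per-uplink names until it moves from one WAN to the other. The base hostname `dynamicname`, the form of the main record (`dynamicname.dynamic-m.com`), the polling interval and the timeout are assumptions; substitute the hostname shown on your own appliance.

```python
import socket
import time

# Placeholder taken from the thread's "dynamicname"; the main-record form
# <base>.dynamic-m.com is an assumption, use your appliance's real hostname.
BASE = "dynamicname"
DOMAIN = "dynamic-m.com"

def resolve(name):
    """Return the set of IPv4 addresses the OS resolver gives for name."""
    try:
        infos = socket.getaddrinfo(name, None, socket.AF_INET)
    except socket.gaierror:
        return set()
    return {info[4][0] for info in infos}

def active_uplink(lookup=resolve, base=BASE, domain=DOMAIN):
    """Say which per-uplink record the main DDNS name currently matches."""
    main = lookup(f"{base}.{domain}")
    for n in (1, 2):
        if main and main & lookup(f"{base}-{n}.{domain}"):
            return f"WAN{n}"
    return "unknown"

def time_failover(lookup=resolve, interval=15, timeout=900,
                  clock=time.monotonic, sleep=time.sleep):
    """Poll until the main name moves to a different uplink.

    Returns (old, new, seconds), or (old, None, seconds) on timeout.
    Start it just before taking WAN1 down. Cached answers in the local
    resolver add to the measured delay.
    """
    start = clock()
    old = active_uplink(lookup)
    while clock() - start < timeout:
        sleep(interval)
        new = active_uplink(lookup)
        if new not in (old, "unknown"):
            return old, new, clock() - start
    return old, None, clock() - start

if __name__ == "__main__":
    old, new, secs = time_failover()
    print(f"{old} -> {new} after {secs:.0f}s")
```

Run it from the VPN client's own network so the result reflects the resolver and cache that the client actually uses.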
