Meraki

Community

VPN connectivity change

networkninja_
Comes here often
15 hours ago
15 hours ago

VPN connectivity change

I am seeing this every time my uplink changes due to connection dropping, I understand the uplink status change but why would the vpn drop as well? if uplink 0 (Primary) is the connection to MPLS, it doesn't create a site to site vpn tunnel.

The only site to site vpn is when using  uplink 1 (Secondary) which is the meraki spoke connection to a MX250 hub

networkninja__0-1734538906429.png

 

when failing over to the meraki uplink I would expect the vpn to stay up, not go down

0 Kudos
5 Replies 5
RWelch
A model citizen
14 hours ago
14 hours ago

Site-to-Site VPN Troubleshooting 

If you found this post helpful, please give it Kudos. If my answer solves your problem please click Accept as Solution so others can benefit from it.
0 Kudos
RWelch
A model citizen
14 hours ago
14 hours ago

Configuring Site-to-site VPN over MPLS 

If you found this post helpful, please give it Kudos. If my answer solves your problem please click Accept as Solution so others can benefit from it.
0 Kudos
AnthonyN
Meraki Employee
Meraki Employee
10 hours ago
10 hours ago

Hey there, 

Is your MPLS link your primary or secondary uplink for the MX? And do you have Active-Active Enabled? That may explain the behavior your seeing. 

 

If you'd like to have a failover scenario, then follow this KB

https://documentation.meraki.com/MX/Deployment_Guides/MPLS_Failover_to_Meraki_Auto_VPN

---------------
If you found this post helpful, please give it kudos. If my answer solved your problem, click "accept as solution" so that others can benefit from it.
0 Kudos
In response to AnthonyN
networkninja_
Comes here often
9 hours ago
9 hours ago

Let me take a look at that KB, as for your questions the MPLS link is the primary and the Active-Active is disabled, should I change it to enable?

0 Kudos
In response to networkninja_
AnthonyN
Meraki Employee
Meraki Employee
4 hours ago
4 hours ago

If the MPLS is your primary then it is expected behavior for the MX to try and attempt to form a tunnel over it. I don't believe there will be an option  to disable autoVPN tunnel over a Primary uplink. 

 

You can enable Active-Active to have a "quicker" failover behavior but I'd start with the KB I previously linked 🙂 

---------------
If you found this post helpful, please give it kudos. If my answer solved your problem, click "accept as solution" so that others can benefit from it.
0 Kudos
Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels
© 2024 Cisco Systems, Inc.