VPN with secondary link

Jose_aisos
Here to help

VPN with secondary link

Good morning colleagues,

I have 02 links (primary and secondary) and I want my secondary link to be exclusively for my VPN. Configure SD-WAN policies but when I connect to the VPN, the connection is made with my primary link.SD-WAN.png

12 Replies 12
alemabrahao
Kind of a big deal
Kind of a big deal

Are you talking about VPN S2S? If yes, Is it a Meraki VPN or Non-Meraki VPN?

I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.
Jose_aisos
Here to help

thanks for your answer, it is a VPN client for my workers who are at home

alemabrahao
Kind of a big deal
Kind of a big deal

Perfect, Is it a dedicated link?  If yes, you just need to configure the secondary link IP address in your connection configuration, It's not necessary to create a rule.

I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.
Jose_aisos
Here to help


Yes, it is a dedicated link, have I already configured the IP of my secondary link or where is it configured?wan meraki.png

alemabrahao
Kind of a big deal
Kind of a big deal

Sorry, my bad. 

 

You need to configure the IP address of secondary link  in your L2TP  connection.

I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.
Jose_aisos
Here to help

For my end users to connect, they use the Windows VPN client and there I only put the MX hostname, or where should I configure the IP of my WAN 2?

alemabrahao
Kind of a big deal
Kind of a big deal

In this case either you configure the IP or you can configure an external DDNS (like noip.com) for the Wan2 IP.

I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.
alemabrahao
Kind of a big deal
Kind of a big deal

One more thing, if for some reason Wan 2 loses connectivity, you will need to manually configure the client to work on Wan 1, so I don't know if it's a good option.

I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.
Jose_aisos
Here to help


Indeed, we did that once but when the main link goes down, we have to manually change it, that's why we chose to place the MX hostname and not the IP.

That internet stream option not working?

vpn_flujo.png

alemabrahao
Kind of a big deal
Kind of a big deal

I'm not sure, I have never used It for this purpose. 😅 But I'm pretty sure not.

 

Flow Preferences

By default (without load balancing), internet-bound traffic will flow out of the MX's primary uplink. The MX can also be configured to send traffic out of a specific interface based on the traffic type (policy-based routing), or based on the link quality of each uplink (performance-based routing). Flow preferences can be configured to define which uplink a given flow should use. Flow preferences will also supersede load balancing decisions. 

 

Internet Traffic

Flow preferences for internet-bound traffic can be configured to force traffic over a specific uplink based on its source and/or destination. These preferences can be used if a specific uplink should be designated for a particular type of traffic, such as traffic bound for a cloud-hosted service. 

I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.
ww
Kind of a big deal
Kind of a big deal

alemabrahao
Kind of a big deal
Kind of a big deal

It's true, I agree with@ww .

 

alemabrahao_0-1665828048154.png

 

I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.
Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels