Good morning colleagues,
I have 02 links (primary and secondary) and I want my secondary link to be exclusively for my VPN. Configure SD-WAN policies but when I connect to the VPN, the connection is made with my primary link.
Are you talking about VPN S2S? If yes, Is it a Meraki VPN or Non-Meraki VPN?
thanks for your answer, it is a VPN client for my workers who are at home
Perfect, Is it a dedicated link? If yes, you just need to configure the secondary link IP address in your connection configuration, It's not necessary to create a rule.
Yes, it is a dedicated link, have I already configured the IP of my secondary link or where is it configured?
Sorry, my bad.
You need to configure the IP address of secondary link in your L2TP connection.
For my end users to connect, they use the Windows VPN client and there I only put the MX hostname, or where should I configure the IP of my WAN 2?
In this case either you configure the IP or you can configure an external DDNS (like noip.com) for the Wan2 IP.
One more thing, if for some reason Wan 2 loses connectivity, you will need to manually configure the client to work on Wan 1, so I don't know if it's a good option.
Indeed, we did that once but when the main link goes down, we have to manually change it, that's why we chose to place the MX hostname and not the IP.
That internet stream option not working?
I'm not sure, I have never used It for this purpose. 😅 But I'm pretty sure not.
By default (without load balancing), internet-bound traffic will flow out of the MX's primary uplink. The MX can also be configured to send traffic out of a specific interface based on the traffic type (policy-based routing), or based on the link quality of each uplink (performance-based routing). Flow preferences can be configured to define which uplink a given flow should use. Flow preferences will also supersede load balancing decisions.
Internet Traffic
Flow preferences for internet-bound traffic can be configured to force traffic over a specific uplink based on its source and/or destination. These preferences can be used if a specific uplink should be designated for a particular type of traffic, such as traffic bound for a cloud-hosted service.
Maybe this solution is a better option https://community.meraki.com/t5/Security-SD-WAN/Client-VPN-Using-WAN-2-Secondary/m-p/19086
It's true, I agree with@ww .