Meraki

Community

activate second WAN for VPN

Solved
Jose_aisos
Here to help
‎Jan 17 2022 8:04 AM
‎Jan 17 2022 8:04 AM

activate second WAN for VPN

I have 02 links (primary and secondary) automatically my VPN goes through the primary one but I want the VPN to go out through my second link every time I have a drop in the main internet, I have the autoVPN configuration activated.

0 Kudos
1 Accepted Solution
PhilipDAth
Kind of a big deal
Kind of a big deal
‎Jan 18 2022 9:56 AM
‎Jan 18 2022 9:56 AM

If you are connecting via that hostname, then on WAN link failover DDNS will update that entry with the IP address of the second WAN port.  As long as the client is connecting to that, it should work.

 

The other consideration is if the MX has the public IP directly on its second WAN port, or if it is sitting behind something doing NAT.  If it is sitting behind something doing NAT, and that device will need to port forward udp/500 and udp/4500 to the MX.

View solution in original post

0 Kudos
9 Replies 9
PhilipDAth
Kind of a big deal
Kind of a big deal
‎Jan 17 2022 9:15 AM
‎Jan 17 2022 9:15 AM

Without configuring anything - this is the default behaviour for AutoVPN.

0 Kudos
In response to PhilipDAth
Jose_aisos
Here to help
‎Jan 17 2022 9:58 AM
‎Jan 17 2022 9:58 AM

thanks for your answer. I have it configured as automatic but still I can't connect to the vpn, is there a rule that is created?vpn.png

0 Kudos
PhilipDAth
Kind of a big deal
Kind of a big deal
‎Jan 17 2022 10:38 AM
‎Jan 17 2022 10:38 AM

Are you using AutoVPN between MX - or are you talking about Client VPN between a computer and a MX?

 

If it is a client VPN, connect to the DDNS name of the MX.  This should update within 10 minutes of a failure happening.

https://documentation.meraki.com/MX/Other_Topics/Dynamic_DNS_(DDNS) 

0 Kudos
In response to PhilipDAth
Jose_aisos
Here to help
‎Jan 17 2022 10:52 AM
‎Jan 17 2022 10:52 AM

It is an AUTOVPN between a VPN client of a computer and the MX and in my client configuration I have it with the hostnamemx.png

0 Kudos
PhilipDAth
Kind of a big deal
Kind of a big deal
‎Jan 18 2022 9:56 AM
‎Jan 18 2022 9:56 AM

If you are connecting via that hostname, then on WAN link failover DDNS will update that entry with the IP address of the second WAN port.  As long as the client is connecting to that, it should work.

 

The other consideration is if the MX has the public IP directly on its second WAN port, or if it is sitting behind something doing NAT.  If it is sitting behind something doing NAT, and that device will need to port forward udp/500 and udp/4500 to the MX.

0 Kudos
In response to PhilipDAth
Jose_aisos
Here to help
‎Jan 20 2022 7:37 AM
‎Jan 20 2022 7:37 AM

Thanks a lot, I going to configured my FW whit the ports indicates and i'll down my wan 1 to test.

0 Kudos
In response to Jose_aisos
Jose_aisos
Here to help
‎Jan 27 2022 7:30 PM
‎Jan 27 2022 7:30 PM

Hi PhilipDAth,

I tried to configure what it indicates but even so my wan 2 does not raise the VPN, my users cannot connect to the VPN, I am going to ask my provider to remove the NAT from the router and for my FW to take the IP of the router.

 

0 Kudos
In response to PhilipDAth
Jose_aisos
Here to help
‎Jan 31 2022 9:25 PM
‎Jan 31 2022 9:25 PM

Hi Philip,

 

I get the following message 

  • xx.xx.xx.xx is the primary IP address of Internet port 2 and cannot be forwarded.

 

0 Kudos
In response to PhilipDAth
Jose_aisos
Here to help
‎Feb 4 2022 8:49 AM
‎Feb 4 2022 8:49 AM

Thank you very much for the help, I was finally able to use my wan 2 with my vpn, the problem was that I was behind a nat, my provider disabled it and I was able to connect.

0 Kudos
Back to the top
Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco ID. If you don't yet have a Cisco ID, you can sign up.
Labels
© 2025 Cisco Systems, Inc.