activate second WAN for VPN

Solved
Jose_aisos
Here to help

I have 02 links (primary and secondary). My VPN automatically goes through the primary one, but I want the VPN to go out through my second link every time I have a drop in the main internet. I have the AutoVPN configuration activated.

1 Accepted Solution
PhilipDAth
Kind of a big deal

If you are connecting via that hostname, then on WAN link failover DDNS will update that entry with the IP address of the second WAN port. As long as the client is connecting to that, it should work.

The other consideration is if the MX has the public IP directly on its second WAN port, or if it is sitting behind something doing NAT. If it is sitting behind something doing NAT, then that device will need to port forward udp/500 and udp/4500 to the MX.
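
A pre-flight check for the two conditions in this answer, as an added example that is not part of the original post or of Meraki's tooling. The function names, the idea of passing in the observed values by hand, and the sample addresses used with it (documentation ranges) are assumptions.

```python
import ipaddress

# Ports the answer says an upstream NAT device must forward to the MX.
REQUIRED_FORWARDS = {("udp", 500), ("udp", 4500)}

# Explicit ranges: ipaddress.is_private does not cover carrier-grade NAT
# space (100.64.0.0/10), which ISP routers commonly hand out.
NAT_RANGES = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "100.64.0.0/10")]


def behind_nat(wan_ip):
    """True when the address configured on the WAN port is NAT space,
    i.e. some upstream device owns the public IP."""
    addr = ipaddress.ip_address(wan_ip)
    return any(addr in net for net in NAT_RANGES)


def check_failover(wan2_ip, wan2_public_ip, ddns_ip, forwards=()):
    """Return a list of findings that would stop client VPN over WAN 2.

    wan2_ip        -- address configured on the MX's second WAN port
    wan2_public_ip -- public address that link presents to the internet
    ddns_ip        -- what the MX's DDNS hostname currently resolves to
    forwards       -- (proto, port) pairs already forwarded upstream
    """
    findings = []
    if ipaddress.ip_address(ddns_ip) != ipaddress.ip_address(wan2_public_ip):
        findings.append("DDNS record does not point at WAN 2 yet")
    if behind_nat(wan2_ip):
        for proto, port in sorted(REQUIRED_FORWARDS - set(forwards)):
            findings.append(
                f"upstream NAT must forward {proto}/{port} to {wan2_ip}")
    return findings


if __name__ == "__main__":
    # Constructed sample: WAN 2 sits behind an ISP router, only udp/500
    # is forwarded, and DDNS still holds the WAN 1 address.
    for line in check_failover("192.168.1.2", "198.51.100.7",
                               "203.0.113.10", forwards=[("udp", 500)]):
        print(line)
```

An empty list means neither condition from the answer is blocking the connection; the DDNS finding can clear on its own once the record updates after failover.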

9 Replies
PhilipDAth
Kind of a big deal

Without configuring anything - this is the default behaviour for AutoVPN.

Jose_aisos
Here to help

Thanks for your answer. I have it configured as automatic but I still can't connect to the VPN. Is there a rule that is created?

PhilipDAth
Kind of a big deal

Are you using AutoVPN between MX - or are you talking about Client VPN between a computer and an MX?

If it is a client VPN, connect to the DDNS name of the MX. This should update within 10 minutes of a failure happening.

https://documentation.meraki.com/MX/Other_Topics/Dynamic_DNS_(DDNS) 

Jose_aisos
Here to help

It is an AutoVPN between a VPN client of a computer and the MX, and in my client configuration I have it with the hostname.

Jose_aisos
Here to help

Thanks a lot, I am going to configure my FW with the ports indicated and I'll take down my WAN 1 to test.

Jose_aisos
Here to help

Hi PhilipDAth,

I tried to configure what was indicated, but even so my WAN 2 does not bring up the VPN and my users cannot connect to the VPN. I am going to ask my provider to remove the NAT from the router and for my FW to take the IP of the router.

Jose_aisos
Here to help

Hi Philip,

I get the following message:

  • xx.xx.xx.xx is the primary IP address of Internet port 2 and cannot be forwarded.

Jose_aisos
Here to help

Thank you very much for the help. I was finally able to use my WAN 2 with my VPN. The problem was that I was behind a NAT; my provider disabled it and I was able to connect.