one-armed Vpn Concentrator in HA - MX Uplink IP or Virtual Uplink IP

kev2five
Comes here often

one-armed Vpn Concentrator in HA - MX Uplink IP or Virtual Uplink IP

Hi all, 

I have my opinion, but looking for any more reasons to add to my choice of which option to use when building my MX HA Devices. 

 

What is the most common choice? MX Uplink IPs or Virtual Uplink IPs?

I think you get more redundancy of VRRP heartbeats if you use Virtual

The seamless failover really only effects the cloud portal, anything else?

 

Thanks in advance

4 Replies 4
alemabrahao
Kind of a big deal
Kind of a big deal

For reasons of redundancy and scalability, whenever possible and of course if the client is willing to accept it, I always use VIP.

I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.
Brash
Kind of a big deal
Kind of a big deal

I could be mistaken but I though one-armed concentrators in HA must use a VIP.

This VIP is then what's used as the destination point for the dashboard connectivity, S2S VPN connection, client VPN connection etc.

kev2five
Comes here often

 MX Uplink IPs does use a VIP, the uplink communication uses the distinct non shared ip though.

AaronMcElhinney
Conversationalist

This article will serve you well 

 

https://documentation.meraki.com/MX/Deployment_Guides/VPN_Concentrator_Deployment_Guide#:~:text=Use%....

 

Uplink IPs

Use Uplink IPs is selected by default for new network setups. In order to properly communicate in HA, VPN concentrator MXs must be set to use the virtual IP (vIP).

Get notified when there are additional replies to this discussion.