I am setting up two site-to-site VPN connections on an MX85 unit. These VPN connections terminate into AWS using different public IPs but route to the same private IP subnet of 10.20.1.0/24. These two connections are individual tunnels of a 2-tunnel AWS VPN connection. The VPN connections work when only one connection/tunnel is active at a time. When both connections/tunnels are active at the same time, traffic stops routing. I believe this is due to the VPN connections routing to the same private subnet of 10.20.1.0/24, and the MX doesn't know which route to send traffic over as it has two routes to the same destination subnet. Checking the routing table in the MX when both connections are active, I do see a green dot next to one of the routes and a plain dash next to the other; in my mind this means that one is active and the second is on standby as failover. The ideal setup is to have one VPN connection be active and the second be a failover in case one tunnel goes down. Does anyone else know if this setup is possible with the MX85? I have read the documentation on site-to-site VPNs but found nothing on this matter. Thank you!