Community
  • About RaulR
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Re: WE Need IPV6 Support in MX

by Meraki Employee in Security / SD-WAN
Wednesday
3 Kudos
Wednesday
3 Kudos
Hi Everyone!   I am a long time lurker not poster, but here goes since I noticed an update in the IPv6 @ Meraki thread and wanted to get it in front of everyone in this thread as some may not be aware off or following the update thread. TLDR: Improvements to client VPN functionality to handle IPv6 only clients to connect through a NAT64 from their providers https://community.meraki.com/t5/Full-Stack-Network-Wide/IPv6-Meraki/m-p/81683/highlight/true#M1465 If you have IPv6 only connectivity and are leveraging NAT64, I urge you to share it with the community your ISP and if your setup works or doesn't.   Stay safe & healthy!   Cheers,   -Raul ... View more

Re: Sharing experience - Tag Based IPsec VPN Failover

by Meraki Employee in Developers & APIs
‎12-18-2019 03:16 PM
‎12-18-2019 03:16 PM
There are a couple of ways to handle tags (The article assumes more than one MX, so the location tags are never removed/deleted hence they always exist in another network).  You can accomplish this by having an empty network hold the tags so they always exist.   1. Create a VPN config holding network:  (Network itself should not contain an MX - Good in the case only 1 MX has VPN config) Organization > Create Network > Select Security appliance name "VPN Tag Hold" 2. Add a tag to the network ^ ie. [location]_primary_up and [location]_backup_up Never remove the tags from this network, so they always exist. 3. Apply this tag to the multiple Non-Meraki Peers availability section This will hold the Non-Meraki VPN peers config as you switch real network availability tags as it cannot be empty. Then you can assign and remove the tags from the live MX network to fail between them without the error they don't exist. The other option would be to have a hold network and a tag per location that represent the MX location itself.  You would then have a VPN configuration in the availability will always have a holding tag from the network that's not used such as vpn_tag_hold (This merely maintains the configuration available in the site to site vpn Non-Meraki peers section.  From there you could always just add/remove the specific network's availability tag (ie. if primary is down, you'd use [location]_backup_up tag in the 2nd 3rd party peer however if the primary is up this config would be removed and you'd have [location]_primary_up in the 1st 3rd party peer availability section)   Cheers, -Raul ... View more

Re: Sharing experience - Tag Based IPsec VPN Failover

by Meraki Employee in Developers & APIs
‎12-18-2019 01:50 PM
‎12-18-2019 01:50 PM
Think about it like this. Each network will have [Location]_primary_up and [location]_backup_up. So these will be on the network at all times. What changes is that you either have the [location]_primary_up or [Location]_backup_up configured as the selected tag in the Non-Meraki VPN peers > Availability section. The only time the tag information changes is what's configured in the availability section. The MX is always configured with both tags. So if you have two 3rd party peers, you'd remove the tag from the availability on the failed primary and add the tag to the online secondary peer (Vice versa, when you fail back to primary).  There should only be either [location]_primary_up or [location]_backup_up configured in the VPN section at a time. Hope that makes sense! ... View more
My Top Kudoed Posts
© 2020 Meraki