Open to using Anyconnect to accomplish this. ... View more

I recall seeing a configuration in the last few months where the IP/subnet is assigned to the client based on the password the client enters. The mapping of password and subnet happens 100% in the dashboard. (Yes I know similar things can be done in an external RADIUS servers, but that isn't what I want). ... View more

Has anyone worked up a guide to configuring VPN failover from WAN 1 to WAN 2 where the other end is an ASA? On the MX the configuration should be trivial, but on the ASA side it might be a bit more involved. Haven't found anything here or in the Cisco Community on the topic that goes into specifics.   Also, does the MX support stateful failover for VPN traffic going to third party endpoints? For example, would TCP sessions and NAT translations be capable of being immediately reassigned to the VPN tunnel on WAN 2, without the need for the endpoints to restart whatever sessions they're running? ... View more

We've got a private circuit coming into a location and I'd like to know if anyone has experience routing traffic with an MX in such a situation. Does it work like a router works? It would be static routes. Currently it is served by a Cisco 2911. Replacing the 2911 with a pair of MX85's.   Sample topology   Internet --- metro e rtr 10.1.1.1 --- 10.1.1.2 MX85 10.3.1.1 --- LAN   This would be a temporary situation as we're converting to DIA fiber soon.    Twist: There is a backup LTE connection that would go into one of the MX85's. We'd do an IPSec third party VPN tunnel over this connection. I see no reason why that couldn't serve as backup, but maybe there are some limitations to the MX I'm not considering here. ... View more