Meraki Community
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Graceful or Immediate WAN failover for non-Meraki site-to-site VPNs?

JohnMas
New here
‎Jan 31 2024 7:16 PM
‎Jan 31 2024 7:16 PM

Graceful or Immediate WAN failover for non-Meraki site-to-site VPNs?

Does anyone know which setting for WAN failover works best when dealing with a non-Meraki VPN? Graceful or immediate?

 

I can't find documentation on what the appliance will do with the VPN tunnel, whether it waits during graceful mode to restart tunnel negotiation using the secondary link as it would an existing flow.

 

In the past, I've had issues where a fail-back from the secondary WAN to the primary that's too quick (<1-2 min) will result in stale security associations on the third-party appliance and a failure to rebuild the tunnel to my primary WAN.

 

I'm curious if the feature makes any difference in this scenario.

Labels:
0 Kudos
Subscribe
1 Reply 1
alemabrahao
Kind of a big deal
Kind of a big deal
‎Feb 1 2024 1:51 AM
‎Feb 1 2024 1:51 AM

For non-Meraki VPNs, there isn't much to do, the failover has to be manual since you can't do a PBF on the MX.

I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.
0 Kudos
Subscribe
Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels
© 2024 Cisco Systems, Inc.