The MX appliances need to be able to do redundant VPNs over two ISPs.

Bailmeout 2 years ago • updated by Rob Geoghan 9 months ago 7
The MX appliances need to be able to do redundant VPNs over two ISPs. My situation is that each office has two ISPs and we have IPsec VPNs to Amazon (AWS). If the primary ISP goes, I need the VPN to establish over the second ISP. The MX cannot do this as the ‘Private subnets’ cannot be defined on two VPN connections. Support fobs the issue off to the other side, saying that they need to handle the failover, which is really not acceptable. Can someone at Meraki let me know if this is on any roadmaps?
Under review
I'm not with Meraki, but I believe this is coming: https://meraki.cisco.com/blog/2015/02/heres-a-sneak-peek-into-our-security-roadmap/ This is the post I found from Feb, and I recall some quarterly update saying that they were hoping to get this feature in around now, but it didn't make the latest firmware update from a couple of weeks ago.

This is included in the new GA (with the SD-WAN featureset).

What is the 'SD-WAN featureset' and how do I get this?

SD stands for software defined (I assume); it has always just been referred to as IWAN. https://meraki.cisco.com/iwan

I finally have a working solution to this age-old issue. I worked with Cohesive and they provided a solution that works really well. Setup instructions are in the YouTube below and key configuration settings are:

dpdaction=clear
dpddelay=15s
dpdtimeout=60s
connection=receive
connection-rekey=no
You need to contact them for a special 2 x Remote Endpoint license, which is different from the two options currently available as AMIs from AWS.

+1

@Bailmeout, thanks for coming back to share. I hope it helps others.