1. Feature Requests
  2. Ideas
+5

The MX appliances need to be able to do redundant VPNs over two ISPs.

Bailmeout 10 years ago updated by Rob Geoghan 8 years ago 7
The MX appliances need to be able to do redundant VPNs over two ISPs. My situation is that each office has two ISPs and we have IPSEC VPNs to Amazon (AWS). If the primary ISP goes I need the VPN to establish over the second ISP. The MX cannot do this as the ‘Private subnets’ cannot be defined on two VPN connections. Support fob the issue off to the other side saying that they need to handle the failover which is really not acceptable. Can some at Meraki let me know is this is on any roadmaps?
Under review
Rob Geoghan 10 years ago
I'm not with Meraki but I believe this is coming https://meraki.cisco.com/blog/2015/02/heres-a-sneak-peek-into-our-security-roadmap/ This is the post I found from Feb and I recall some quarterly update saying that they were hoping to get this feature in around now but it didn't make the latest firmware update from a couple weeks ago.
Cisco Meraki 9 years ago

This is included in the new GA (with the SD-WAN featureset.)

Completed
Rob Geoghan 9 years ago
Bailmeout 9 years ago

WHat is the 'SD-WAN featureset' and how do I get this?

Rob Geoghan 9 years ago

SD stands for software defined (I assume) it has always just been referred to as IWAN. https://meraki.cisco.com/iwan

Bailmeout 8 years ago

I finally have a working solution to this age old issue. I worked with Cohesive and they provided a solution that works really well. Setup instructions are in the Youtube below and key configuration settings are

dpdaction=clear

dpddelay=15s
dpdtimeout=60s
connection=receive
connection-rekey=no


You need to contact them for a special 2 x Remote Endpoint license which is different to the two options currently available as AMIs from AWS.



+1
Rob Geoghan 8 years ago

@Bailmeout, thanks for coming back to share. I hope it helps others.

Customer support service by UserEcho