Configuring IPSec between Meraki and VNS3 with WAN Failover

Follow

VNS3 is the easiest and most reliable way to connect your cloud deployments to a Meraki device with support for WAN failover.

Cisco Meraki offers the option of configuring a backup WAN connection in the event that your primary internet connection goes offline. Usually these connections will have different public IP addresses. Without VNS3, maintaining IPSec stability during a failover situation is difficult if not impossible.

This guide will assist you in setting up an IPSec connection between VNS3 and a Cisco Meraki that will remain stable when switching between a primary and secondary WAN connection on the Meraki side.

Watch the Video Guide on YouTube

 

Here is a diagram of the configuration:

Screen_Shot_2017-03-30_at_1.44.50_PM.png

 

Please note that this configuration will require two IPSec endpoints be defined in VNS3. If your controller is licensed for only one, or if your endpoint limit has been met, you will need to contact Cohesive Networks to request a license upgrade.

The failover process may take anywhere from two seconds to six minutes; manual failovers are generally faster, usually dropping for less than ten seconds.  Note that all failovers, manual or automatic, must be initiated by the Meraki.

 

Here are the "Extra configuration parameters" referenced in the video:

dpdaction=clear

dpddelay=15s

dpdtimeout=60s

connection=receive

connection-rekey=no

 

If you have any questions or require assistance with your setup, do not hesitate to contact our support team.

Have more questions? Submit a request

Comments