Hi,
In Azure, I have my vmx-subnet 10.64.4.0/24 and my internal subnet 10.64.1.0/24
The vmx is on 10.64.4.4.
What should the 'Single LAN' Interface Address be? I don't understand how I can set an interface address inside an Azure subnet.
Thanks,
When the vMX has been provisioned to Azure, and come online, it should pull an address on its LAN interface. Usually it will only be in VPN Concentrator mode. NAT mode should only be used in certain specific scenarios.
After pulling an address (usually .4 in your vmx subnet), you need to set up a route table in Azure, to route back and forth between the vMX and other resources in Azure.
The VPN settings shown in your first screenshot refer to those vnets you have configured in Azure. These are then announced into the AutoVPN topology, and thus known to your spokes/hubs across AutoVPN.
Assuming you used 172.16.0.0/12 at your spokes and 10.0.0.0/8 in Azure for whatever cloud servers, you'd usually enter 10.0.0.0/8 in the VPN settings on the vMX. Then this entire /8 will be announced to all your spoke sites that are using 172.16.0.0/12. In turn, the spokes will have 10.0.0.0/8 in their route table showing the vMX as the next hop for this subnet.
In Azure, you'd add 172.16.0.0/12 to the route table with the vMX IP address as next hop. In your case that would be 10.64.4.4. This is done for your servers in Azure to have a return route back to your spokes, via the vMX. The vMX will have 172.16.0.0/12 in its route table, due to the spokes participating in AutoVPN.
When creating the Azure route table, make sure to attach it to your Meraki vMX Resource Group. Also when deploying the vMX make sure you use the Standard SKU for Public IP addressing to the vMX.
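An added example, not part of the original reply: a Python check of the routing plan described in the answer above, confirming that the Azure subnets are covered by what the vMX advertises and that the Azure route table sends spoke traffic back via the vMX. The addresses and prefixes are the ones from the thread; the table layout and the function names are assumptions made for this sketch.

```python
import ipaddress as ip

# Values from the thread; the data layout below is an assumption for this sketch.
VMX_IP = ip.ip_address("10.64.4.4")
VMX_SUBNET = ip.ip_network("10.64.4.0/24")
AZURE_SUBNETS = [ip.ip_network("10.64.1.0/24")]       # internal subnet
SPOKE_PREFIXES = [ip.ip_network("172.16.0.0/12")]     # spoke range used in the answer
VMX_ADVERTISED = [ip.ip_network("10.0.0.0/8")]        # local networks in the vMX VPN settings
AZURE_UDR = {ip.ip_network("172.16.0.0/12"): VMX_IP}  # Azure route table: prefix -> next hop


def next_hop(table, dest):
    """Longest-prefix match; None means no user-defined route covers dest."""
    hits = [p for p in table if dest in p]
    return table[max(hits, key=lambda p: p.prefixlen)] if hits else None


def check_plan(vmx_ip, vmx_subnet, azure_subnets, spokes, advertised, udr):
    """Return a list of problems; an empty list means the plan is consistent."""
    problems = []
    if vmx_ip not in vmx_subnet:
        problems.append(f"vMX {vmx_ip} is outside {vmx_subnet}")
    for s in azure_subnets:
        if not any(s.subnet_of(a) for a in advertised):
            problems.append(f"{s} is not advertised into AutoVPN")
    for sp in spokes:
        if any(sp.overlaps(a) for a in advertised):
            problems.append(f"spoke {sp} overlaps an advertised Azure prefix")
        # Probe the first and last address so a partial route is caught too.
        for probe in (sp[0], sp[-1]):
            hop = next_hop(udr, probe)
            if hop != vmx_ip:
                problems.append(f"no return route for {probe} via {vmx_ip} (got {hop})")
    return problems


if __name__ == "__main__":
    issues = check_plan(VMX_IP, VMX_SUBNET, AZURE_SUBNETS,
                        SPOKE_PREFIXES, VMX_ADVERTISED, AZURE_UDR)
    print("plan OK" if not issues else "\n".join(issues))
```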
If the vMX is on 10.64.4.4, the ‘Single LAN’ Interface Address should be an IP address within your internal subnet (10.64.1.0/24). This is because the vMX is configured with a single Ethernet connection to the upstream network, and all traffic will be sent and received on this interface.
Refer to the documentation.
vMX Setup Guide for Microsoft Azure - Cisco Meraki Documentation
Hi, sorry, I don't understand this. The device isn't attached to the internal subnet. Do I just choose an IP from the internal subnet?
https://www.youtube.com/watch?v=Prp9HrBjG14
Thanks, I had followed a couple of tutorials and they all showed that you should add local networks here, but didn't require an interface address. This makes sense as I want to explicitly state which networks are advertised through the VPN.
However, I can define a network in Addressing and VLANs and add it in the VPN Settings, but I am required to specify an interface address for the network, which doesn't make sense as that interface wouldn't be attached to the subnet.
Sorry for the radio silence
OK, so I have put it into VPN Concentrator mode and that seems to have worked. Many thanks for the help.