Anyconnect on MX and vMX

bubblewrap
Comes here often


Hi, we recently deployed a Meraki vMX to Azure and are trying to find documentation on setting up AnyConnect so that our users can connect to the Azure resources through the Azure Meraki vMX.
 
Also, if we have Meraki on premise and have Anyconnect configured to the on-premise/in office MX, how will the Anyconnect client work? We don't want users to have to manage multiple entries, can we use a DNS service? We would want our users to connect to the Azure vMX in case of a DR scenario. Or will Meraki's built-in DNS recognize it?
 
Thanks.
CptnCrnch
Kind of a big deal

You will have to explicitly configure which Anyconnect headend the users will be connecting to.

 

Such a setup in your case could look like this:

  1. Your users still connect to your on prem MX and will have access to your internal data
  2. Your on prem MX builds an automatic AutoVPN tunnel to your vMX in Azure. This way, your internal users as well as your roaming clients will be able to access resources within Azure.

This could also be working the other way around, but you'll have to keep in mind that there are possible limitations posed by Azure for outgoing traffic from your Anyconnect clients.

Thanks,

But what if we are in a DR scenario where our prem MX goes down and users need to connect to Azure vMX using Anyconnect?

Will it be...
For on-premise : https://mx100-whatever-dynamic-m.com/
For vMX Azure - https://mx100-whatever-1-dynamic-m.com/

Something like that? Is there a way to do automatic failover if on prem MX goes down?


I also noticed the below on Reddit... are these solutions possible?
https://www.reddit.com/r/meraki/comments/q7szpt/custom_meraki_hostname/
https://www.reddit.com/r/meraki/comments/dp9hhj/point_dns_a_record_to_meraki_firewall_hostname/



 






How about configuring vMX as Backup Server?

 

 

Will this work with Meraki? 
So in the profile editor I put
https://mx100-whatever-dynamic-m.com/
https://mx100-whatever-1-dynamic-m.com/

Note we currently have Anyconnect deployed through our ASAs (moving to Meraki), and I don't believe we use .pcf files or anything.

As written above: I'd simply configure https://mx100-whatever-1-dynamic-m.com/ as Backup Server using the Profile Editor and push out that profile via GPO.
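A check that could be run on the profile XML before it is pushed via GPO, confirming that each server entry carries a backup headend. This is an added example, not part of the original thread and not Cisco or Meraki code. The sample profile is constructed: its hostnames are the placeholders used in this thread with the scheme removed, and the "Lab" entry is hypothetical.

```python
import xml.etree.ElementTree as ET

# XML namespace used by AnyConnect client profiles.
NS = {"ac": "http://schemas.xmlsoap.org/encoding/"}

# Constructed sample profile (placeholder hostnames from this thread).
SAMPLE_PROFILE = """<AnyConnectProfile xmlns="http://schemas.xmlsoap.org/encoding/">
  <ServerList>
    <HostEntry>
      <HostName>Office MX</HostName>
      <HostAddress>mx100-whatever-dynamic-m.com</HostAddress>
      <BackupServerList>
        <HostAddress>mx100-whatever-1-dynamic-m.com</HostAddress>
      </BackupServerList>
    </HostEntry>
    <HostEntry>
      <HostName>Lab</HostName>
      <HostAddress>lab.example.com</HostAddress>
    </HostEntry>
  </ServerList>
</AnyConnectProfile>"""


def audit_profile(xml_text):
    """Return one dict per HostEntry: name, primary, backups, problems."""
    report = []
    root = ET.fromstring(xml_text)
    for entry in root.findall("ac:ServerList/ac:HostEntry", NS):
        name = (entry.findtext("ac:HostName", "", NS) or "").strip()
        primary = (entry.findtext("ac:HostAddress", "", NS) or "").strip()
        backups = [(b.text or "").strip() for b in
                   entry.findall("ac:BackupServerList/ac:HostAddress", NS)]
        problems = []
        if not primary:
            problems.append("missing HostAddress")
        if not backups:
            # No failover target: clients stay on the primary headend only.
            problems.append("no backup server")
        elif primary.lower() in (b.lower() for b in backups):
            problems.append("backup equals primary")
        report.append({"name": name, "primary": primary,
                       "backups": backups, "problems": problems})
    return report


if __name__ == "__main__":
    for row in audit_profile(SAMPLE_PROFILE):
        status = ", ".join(row["problems"]) or "ok"
        print(f'{row["name"]}: {row["primary"]} -> {row["backups"]} [{status}]')
```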
