Meraki

Community

Azure vMX and default routing

Ste
Comes here often
‎May 5 2023 8:34 AM
‎May 5 2023 8:34 AM

Azure vMX and default routing

Dear all,

 

I've a vMX deployment in Azure and i need to use it as default gateway for the vnet connected. I mean that the vMX have to be the security gateway for internet access for the VMs attached at the vnet.

 

I've set up the vMX following this guide: https://documentation.meraki.com/MX/MX_Installation_Guides/vMX_Setup_Guide_for_Microsoft_Azure

and on Azure routing table I've set 0.0.0.0/0 and next hope the vMX ip but it doesn't work. 

 

Can you please clarify if this configuration is supported?

 

Thank you

0 Kudos
3 Replies 3
GreenMan
Meraki Employee
Meraki Employee
‎May 5 2023 9:12 AM
‎May 5 2023 9:12 AM

As things stand, the VMX is not built for this use case.  From the Overview section of the document you have linked:   VMX is "a virtual MX appliance running in the Azure Cloud that serves as an Auto VPN termination point for your physical MX devices"   The features that make an MX appliance a UTM for a site (firewall, IPS, content filtering, malware scanning) are not charged for / supported by the vMX (there's no Advanced Security license for vMX)

 

For your use case, you're probably better off with something like a virtualised Firepower:  https://www.cisco.com/c/en/us/products/collateral/security/firepower-ngfw-virtual/threat-defense-vir...

In response to GreenMan
Ste
Comes here often
‎May 11 2023 5:11 AM
‎May 11 2023 5:11 AM

Ok no UTM but routing and L4 firewall are necessity.
 
Anyway now I've all my on prem networks connected to the Azure site throught vMX auto vpn tunnel. 
 
I can establish connetion from on prem clients to the Azure resources but I cannot establish connection from Azure resourses to my on prem devices. 
 
Seems that vMX doesn't route the traffic from Azure to the on prem network.
 
Is this expected too?
0 Kudos
In response to Ste
GreenMan
Meraki Employee
Meraki Employee
‎May 11 2023 5:40 AM
‎May 11 2023 5:40 AM

It will route via VPN -   to Meraki MX via AutoVPN or other IPSec tunnel terminators via non-Meraki VPN.  If your on-prem devices are 'out there' via the the Internet, you won't be able to reach them natively (no VPN) via the VMX.   Do you not need to secure that traffic?

0 Kudos
Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
© 2025 Cisco Systems, Inc.