Azure vMX

Solved
Shonken
Here to help

I am sure I am missing something, but for the life of me I can't find it...

I set up the two subnets, created the vMX, and added a VM with a separate subnet. From the Azure VM I can ping the vMX. From the vMX I can ping the Site to Site VPNs. From my site I can ping the Gateway for the Azure VM subnet.

What I can't do is ping the Azure VM from either the vMX or my local site. Nor can I ping the local site from the Azure VM.

Both the vMX and VM subnets are in the same vnet. The Azure VM is in the same resource group as the vnet, though I have tried creating a new resource group with a VM and it had the same outcome.

Any thoughts appreciated.

1 Accepted Solution
Shonken
Here to help

Thank you everyone for your help in trying to fix this... Turns out I had to switch to Passthrough/VPN Concentrator mode and then the stars aligned and everything could talk. For anyone else that may stumble on this in the future, this article was helpful even though it's older: How to deploy a Cisco Meraki vMX100 into Microsoft Azure • AboutNetworks.net

GIdenJoe
Kind of a big deal

I'm not proficient with cloud; however, I do know you need to add routes for your branch sites in Azure if you are not using BGP, and vice versa you will need to announce the Azure VM nets on your Meraki vMX towards the branch offices.

So in Azure you will need to add static routes pointing towards the IP of your vMX.

And on the vMX on the site2site VPN page you need to add the local networks.

Shonken
Here to help

Sorry, yes, I do have a route table set up that points to the vMX for the remote subnets. When I run a tracert from the Azure VM the first hop reports the vMX IP address but all subsequent hops time out.

Edit: Forgot to say thank you for replying. 🙂

PhilipDAth
Kind of a big deal

Try disabling Windows Firewall as a test.

Have you added the Azure subnets into the VMX config in Azure (which causes the subnets to appear in AutoVPN)? 


Does the on-premise MX route table show the Azure routes?

Shonken
Here to help

Thanks for the reply... The subnet is listed in the Site-to-Site VPNs and it is enabled. I did try disabling the Windows Firewall as well, no luck. I have also completely removed the NSG and the external IP just to rule it out.
