Meraki

Community

Change SKU from basic to standard on IP address on Meraki VMx

DKSysAdmin
Comes here often
‎Apr 15 2025 1:14 PM
‎Apr 15 2025 1:14 PM

Change SKU from basic to standard on IP address on Meraki VMx

I'm somewhat new to working with Meraki, more experience in Azure. Microsoft has not released any migration tool as of yet to address the matter of changing from a basic to standard IP address SKU for Meraki VMx. The Sept 2025 deadline is getting too close.

 

I've read that in various scenarios that a network security group was assigned, corresponding rules created on an already deployed VMx but then VPN services went down. We have site to site and client VPNs.

 

I've read that the standard setup of the virtual appliance puts in a managed resource group which in reading is one of the main problems as well as the assigned availability zone being set to none. But setting it also did not help along with a NSG and setting rules. VPN still could not connect.

 

I've read that redeployment of the VMx was performed with not really any confirmed success. Individuals assigned a NSG while redeploying and setting rules for the various ports. But Client VPN still had a problem working. I also figure that the Managed Resource Group is still forced on the deployment being standard procedure in its deployment.

 

Anyone been able to successfully address this issue and having VPN reliably working. We are trying not to wait until Microsoft comes out with a tool or Meraki comes up with a solution and be caught in a bad situation. Neither seems to be talking about this matter.

 

Thank you.

Labels:
0 Kudos
3 Replies 3
Mloraditch
Kind of a big deal
Kind of a big deal
‎Apr 15 2025 1:27 PM
‎Apr 15 2025 1:27 PM

This reddit thread has someone in your situation and seems to have gotten it working: https://www.reddit.com/r/meraki/comments/1deabnz/azure_vmx_nsg_use_after_basic_to_standard_public/mb...

You will have to redeploy your vMX as of now.
 
You  may want to take the opportunity to switch from concentrator mode to NAT mode. The MX would operate as normal firewall at that point and you could safely leave the NSG on the external interface to allow anything.

https://documentation.meraki.com/MX/Other_Topics/vMX_NAT_Mode_Use_Cases_and_FAQ

 

If you found this post helpful, please give it Kudos. If my answer solves your problem please click Accept as Solution so others can benefit from it.
0 Kudos
In response to Mloraditch
DKSysAdmin
Comes here often
‎Apr 22 2025 1:24 PM
‎Apr 22 2025 1:24 PM

Thank you, I've seen so many Reddit posts, I've seen this one and figured if re-deployment is the route we need to take these would have been the steps involved. The Reddit post mentions route tables that can be wiped out. Are these route tables assigned in Azure to the vnet that the VMx is assigned to? Would you happen to know what route tables that could be wiped.

 

As for the mention of NAT mode, we currently have it deployed in that manner.

0 Kudos
In response to DKSysAdmin
Mloraditch
Kind of a big deal
Kind of a big deal
‎Apr 22 2025 1:56 PM
‎Apr 22 2025 1:56 PM

Route Tables would not be wiped out. They are not part of the managed deployment, at worst you might have to adjust the ip where your routes point to. I would not think you would have to adjust their vnet assignment. Especially if you already deployed as NAT mode.

If you found this post helpful, please give it Kudos. If my answer solves your problem please click Accept as Solution so others can benefit from it.
0 Kudos
Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco ID. If you don't yet have a Cisco ID, you can sign up.
© 2025 Cisco Systems, Inc.