Extendind the VPN to Azure - vMX + Azure Virtual Firewal + Azure Virtual WAN Hub

JPScolar
Here to help

Extendind the VPN to Azure - vMX + Azure Virtual Firewal + Azure Virtual WAN Hub

As per the Meraki documentation, I can extend the VPN to to Azure while providing high availability as per the attached picture.  

 

If understand correctly I will need an separate VNET for the vMXs, a virtual Firewall (here I'm assuming it will be a Azure virtual FW) and the Virtual WAN Hub. The vMX will be medium size.   

 

  • What could be the ballpark recurrent and non-recurrent costs to set this up? 
  • Does each vMX needs a separate FW.  Meraki documentation mentions the vMXs must be in different regions.  (two different concentrators, if the first one fails, the hbrenches will route traffic through the other VPN concentrator and not a active/stand-by  high-availability mode).

Thank you vMX+Azure.gif

 

Juan-Carlos Perez
2 Replies 2
alemabrahao
Kind of a big deal
Kind of a big deal

Ideally, you should contact your Meraki sales representative.

I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.
PhilipDAth
Kind of a big deal
Kind of a big deal

>If understand correctly I will need an separate VNET for the vMXs,

 

A separate subnet is sufficient.

 

>a virtual Firewall (here I'm assuming it will be a Azure virtual FW)

 

I haven't seen anyone else Azure Firewall for this.  Everyone uses network security grounds.

 

Is your Azure spread across multiple regions?  Another simple option is to just put one (or two) VMXs into each region.

Get notified when there are additional replies to this discussion.