Meraki

Community

Meraki vMX Anyconnect Full Tunnel in AWS

Solved
propersky
Conversationalist
‎Apr 14 2022 1:04 PM
‎Apr 14 2022 1:04 PM

Meraki vMX Anyconnect Full Tunnel in AWS

Has anyone been able to successfully get an AnyConnect client to route ALL of its traffic through a vMX ec2 instance out to the internet? 

 

We have a vendor that requires us to connect to their site with a static IP address and we're going fully virtual so no more appliances.  Essentially AnyConnect users will route all their traffic through AWS after connecting to AnyConnect.

Labels:
0 Kudos
1 Accepted Solution
PhilipDAth
Kind of a big deal
Kind of a big deal
‎Apr 14 2022 1:36 PM
‎Apr 14 2022 1:36 PM

Hopefully, your vendor will adopt MFA and a zero trust model; but in the interim you are going to have to do it the tough way.

 

You need to put something in front of the VMX to perform NAT.  I typically use an Ubuntu box.  Behind this, you put the VMX.  All traffic has to go through the Ubuntu box to get to the VMX (so the Ubuntu box will need a port forward to the VMX).  Any traffic leaving the VMX will be NATed to the IP address of the Ubuntu box, so from Amazon AWS perspective, all traffic is coming from the Ubuntu box.

View solution in original post

4 Replies 4
PhilipDAth
Kind of a big deal
Kind of a big deal
‎Apr 14 2022 1:36 PM
‎Apr 14 2022 1:36 PM

Hopefully, your vendor will adopt MFA and a zero trust model; but in the interim you are going to have to do it the tough way.

 

You need to put something in front of the VMX to perform NAT.  I typically use an Ubuntu box.  Behind this, you put the VMX.  All traffic has to go through the Ubuntu box to get to the VMX (so the Ubuntu box will need a port forward to the VMX).  Any traffic leaving the VMX will be NATed to the IP address of the Ubuntu box, so from Amazon AWS perspective, all traffic is coming from the Ubuntu box.

In response to PhilipDAth
propersky
Conversationalist
‎Apr 14 2022 3:58 PM
‎Apr 14 2022 3:58 PM

Thanks Philip.  We burned a bit of time going down this rabbit hole.  I appreciate the simplicity of your solution but really wish it weren't so.  Thanks so much for the quick response. 

0 Kudos
In response to PhilipDAth
stgonzo
Getting noticed
‎Jun 29 2023 12:26 PM
‎Jun 29 2023 12:26 PM

@PhilipDAth Do you have any links to guides or resources on how to do this? Thanks in advance

0 Kudos
In response to stgonzo
PhilipDAth
Kind of a big deal
Kind of a big deal
‎Jun 29 2023 1:03 PM
‎Jun 29 2023 1:03 PM

Negative.  It is a complex configuration.

0 Kudos
Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
© 2024 Cisco Systems, Inc.