Meraki

Community

vMX 100 multiple subnets

Solved
EduardoML
Comes here often
‎Oct 23 2017 3:50 PM
‎Oct 23 2017 3:50 PM

vMX 100 multiple subnets

Hello Community!

 

I was wondering if you could help me determine if it is possible to use the vMX 100 in multiple zones/subnets

As far I've seen in the setup guide it only mentions when installing to select a VPC and then a subnet from that VPC.

But is it possible to use it for more subnet or does it will only work within the subnet of the VPC where it was installed?

 

Kind regards,

EM.

Labels:
0 Kudos
1 Accepted Solution
PhilipDAth
Kind of a big deal
Kind of a big deal
‎Nov 22 2017 2:34 PM
‎Nov 22 2017 2:34 PM

I remember how I did this now!

 

Go:

Security Appliance/Site to Site VPN

Under "VPN settings/Local networks" you can put in all the subnets you use in AWS from all the availability zones in the region.

View solution in original post

0 Kudos
7 Replies 7
PhilipDAth
Kind of a big deal
Kind of a big deal
‎Oct 24 2017 1:03 AM
‎Oct 24 2017 1:03 AM

I setup one for a client that could access two subnets in Amazon.  I'm pretty sure I did this by adding a static route on the vMX to the second subnet and saying to include that in AutoVPN.

 

However when I go to look at it now I can't get to the section where you can add static routes.  The route table does show both of the subnets used by the client in Amazon AWS.

 

 

So now I'm not sure.  Either it used to allow static routes and doesn't now, or - well I really can't think of any other option.

0 Kudos
PhilipDAth
Kind of a big deal
Kind of a big deal
‎Nov 22 2017 2:34 PM
‎Nov 22 2017 2:34 PM

I remember how I did this now!

 

Go:

Security Appliance/Site to Site VPN

Under "VPN settings/Local networks" you can put in all the subnets you use in AWS from all the availability zones in the region.

0 Kudos
In response to PhilipDAth
Dunky
Head in the Cloud
‎Dec 9 2021 6:31 AM
‎Dec 9 2021 6:31 AM

Hi @PhilipDAth 

Sorry for replying to an old thread.

If I add multiple subnets to the VMX LAN side,(ie in Azure), would the VMX bridge between the two?  Would I use the L3 firewall on the VMX to prevent this behaviour?

 

TIA

0 Kudos
In response to Dunky
PhilipDAth
Kind of a big deal
Kind of a big deal
‎Dec 9 2021 10:57 AM
‎Dec 9 2021 10:57 AM

The standard configuration uses a single interface in the VMX in Azure.  The VMX sends all the extra subnets you add to the Azure default gateway, and that does the routing.

0 Kudos
In response to PhilipDAth
Dunky
Head in the Cloud
‎Dec 9 2021 11:04 AM
‎Dec 9 2021 11:04 AM

If I don't want the Azure subnets to see each other though, can I use the firewall rules on the vMX to block inter-subnet traffic?

0 Kudos
In response to Dunky
PhilipDAth
Kind of a big deal
Kind of a big deal
‎Dec 9 2021 11:10 AM
‎Dec 9 2021 11:10 AM

You would use something like an Azure network security group to limit what things can talk to other things in Azure.

In response to PhilipDAth
Dunky
Head in the Cloud
‎Dec 9 2021 11:14 AM
‎Dec 9 2021 11:14 AM

Thanks, that's down to the guys that look after the Azure end. Just wanted to ensure that I am not somehow bridging those subnets via the vMX.

0 Kudos
Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
© 2024 Cisco Systems, Inc.