Meraki Community
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

vMX Deployment in Azure

nlatta42
Comes here often
‎Feb 26 2023 3:49 PM
‎Feb 26 2023 3:49 PM

vMX Deployment in Azure

Coming across an issue where I cannot traverse network traffic initiated from Azure VM after vMX deployment.

 

Current vMeraki Config:

Mode: Routed

Client tracking: IP Address

Subnet VLAN-Management - 10.91.2.0/24 next hop 10.91.2.4

vMX LAN - 10.91.2.4

Static route "Azure Servers": 10.92.20.0/24 next hop 10.91.2.4

 

I have the route table configured in Azure pointing branch office traffic to virtual appliance of 10.91.2.4 with my Azure server subnet associated to the route table.

 

After testing and configuring my Azure environment, from my branch offices I can reach my Azure resources perfectly fine (ICMP, RDP, Etc.) however, if I am initiating anything from the resources (virtual machine) in Azure to my branch office everything fails. From the vMX stand point I can get across the auto vpn and ping resources in branch offices.

 

For example, my MX is 10.91.2.4 and my azure resources are on 10.92.20.0/24. My Azure VM can communicate to the vMX just to nothing over the tunnel. I have the vNets peered and have allowed the two subnets over the AutoVPN.  Am I missing a route?

0 Kudos
Subscribe
4 Replies 4
alemabrahao
Kind of a big deal
Kind of a big deal
‎Feb 26 2023 4:06 PM
‎Feb 26 2023 4:06 PM

Have you allowed communication inside the azure firewall?

I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.
0 Kudos
Subscribe
MyHomeNWLab
A model citizen
‎Feb 26 2023 7:34 PM
‎Feb 26 2023 7:34 PM

When vMX (Virtual MX) is in Routed Mode (Limited NAT mode), there is no reachability from the Azure side to the branch office side.
This behavior is similar to a typical Router or Firewall, where communication from the WAN (Internet/Untrust) to the LAN (Trust) is discarded.
Please consider using Passthrough or VPN Concentrator Mode.

 

[Related Documents]
vMX NAT Mode Use Cases and FAQ - Cisco Meraki
https://documentation.meraki.com/MX/Other_Topics/vMX_NAT_Mode_Use_Cases_and_FAQ

 

vMX Setup Guide for Microsoft Azure - Cisco Meraki
https://documentation.meraki.com/MX/MX_Installation_Guides/vMX_Setup_Guide_for_Microsoft_Azure

 

0 Kudos
Subscribe
In response to MyHomeNWLab
PhilipDAth
Kind of a big deal
Kind of a big deal
‎Feb 27 2023 11:59 AM
‎Feb 27 2023 11:59 AM

That sounds hard to believe.  So you are saying that traffic that is initiated on the Azure side can't be routed to a VMX in NAT mode and over an AutoVPN tunnel?

That would make this mode terrible.

Subscribe
Ryan_Miles
Meraki Employee
Meraki Employee
‎Mar 26 2023 1:56 PM
‎Mar 26 2023 1:56 PM

@nlatta42 What was the resolution? I don't see anything in the case other than you closed it.

0 Kudos
Subscribe
Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
© 2024 Cisco Systems, Inc.