interested in Cisco Meraki because one of my customers is getting this solution for multiple sites

Mhaer0
Conversationalist

Interested in Cisco Meraki because one of my customers is getting this solution for multiple sites, and wanted to know how I can connect those to Azure VPN. I am not a network guy 🙂

I know that Meraki does not support IKEv2, which means it won't support route-based VPN for multi-site connections.

So my idea was to get the V-device published at Azure Marketplace and build a site-to-site connection between each site and Azure.

Wanted to know if this would work, and wanted to have a guide on how to accomplish that.

ww
Kind of a big deal

This document is a walkthrough for setting up a virtual MX (vMX100) appliance in the Microsoft Azure Marketplace. After completing the steps outlined in this document, you will have a virtual MX appliance running in Azure that serves as an AutoVPN termination point for your physical MX devices.

 

https://documentation.meraki.com/MX-Z/Installation_Guides/vMX100_Setup_Guide_for_Microsoft_Azure

 

https://documentation.meraki.com/MX-Z/Site-to-site_VPN/Site-to-site_VPN_Settings

 

 

Mhaer0
Conversationalist

Thanks, Kudos.

The document is clear, and it looks like we have some limitations, as the one-arm and pass-through modes.

I would really appreciate it if someone can answer the specific scenario I have mentioned; it is very important to confirm if this scenario would work or not before investing.

Uberseehandel
Kind of a big deal

You may find Azure VPN Gateway helpful

 

As far as assessing the Meraki vMX goes, it would help to have some specific use cases to evaluate. It has only recently been released on the Azure platform.

 

 

 

Robin St.Clair | Principal, Caithness Analytics | @uberseehandel

If it is a small number of sites, use StrongSwan.

https://www.linkedin.com/pulse/cisco-meraki-azure-vpn-philip-d-ath/

 

If it is a lot of sites, use the vMX.

https://meraki.cisco.com/products/appliances/vmx100

DCooper
Meraki Alumni (Retired)

It is recommended to use Meraki to Meraki for simplicity and SD-WAN functionality. If you have multiple ISPs at the remote site or in the Azure cloud, we can do active-active or active-passive depending on the setup. I would need to check on Azure, but with Amazon we do support NAT mode with a tweak on the backend; however, this is not recommended and I am not sure why you would do this in your design. The pricing of full tunnel pin-hairing your data through any cloud hosted DC can get very expensive.

 

To answer your question: yes, your setup would work as far as I understand your question. You would have the Azure vMX configured as a Hub; the remote sites would be configured as a spoke without clicking the vMX-Azure as the default route, which would put all of the remote sites in a split tunnel mode. Only traffic destined for the vMX Azure subnets would be routed over the VPN tunnel to the DC.
