Azure Default route

Lukef
Here to help

Hi Team,

We have a requirement where we need to make our Azure vMX a default route so we can pass off the SD-WAN to another firewall appliance.

Just wondering if anyone has ever managed to get this to work. From the reading I have done, others have this working happily in AWS, but there is not much info on doing this via Azure.

I have set up the environment and set the default route for the vMX to egress via our firewall appliance, which is working fine, and I can see the vMX public IP is now the same as our firewall appliance.

The problem is that as soon as I set the vMX as a default route for one of our test sites, internet access drops at the test site on the SD-WAN connected VLAN.

I have done some packet captures on our firewall appliance and can see the traffic go out and come back in and get routed to the vMX. However, on the vMX all I can see is retransmissions in the logs.

Have any of you managed to get this to work? Thanks in advance.

3 Replies
Lukef
Here to help

Any luck on this one, guys? I have spoken with Meraki support, and they are very vague and have no examples of this working but think it should work?

They mentioned contacting Azure support, which I have done, but I'm not sure how far this will get.

PhilipDAth
Kind of a big deal

If you do a packet capture on the VMX do you see the return traffic?

Any Azure firewall rules (network security group) that might be blocking the traffic?

Lukef
Here to help

Hey Philip, I resolved the issue. Not sure what it did, but I redeployed my firewall in Azure and it sorted itself.

All config was still the same, but I'm guessing something was wrong in the interface order or something.

I can confirm I have a working Fortinet firewall with a Meraki behind it acting as a default route!!

Thanks for your reply!
