Azure VPN to Multiple Merakis

Mloraditch
A model citizen

Has anyone successfully set up a policy-based VPN to multiple Meraki sites in the same org? Did you have to go to 15.x firmware?

So essentially you have one third party connection listed in your dashboard and it works for all enabled sites?

6 Replies
Johnfnadez
Building a reputation

You can configure a 3rd-party VPN with Azure in the MX.

https://documentation.meraki.com/MX/Site-to-site_VPN/Configuring_Site-to-site_VPN_between_MX_Applian...

It also applies for Azure, AWS and any IPsec peer.

I have used it for Fortinet, Cisco ASA and another MX in different orgs.

Johnny Fernandez
Network & Security Engineer
CCNP | JNCIP-SEC | CMNA
Mloraditch
A model citizen

Yes, thank you, I'm aware of that, but what did not work previously, and what I'm being told by a third-party vendor may work now, is the ability to have multiple sites in the same org peer to the same Azure Virtual network gateway.

PhilipDAth
Kind of a big deal

We tend to do it using StrongSwan.

https://www.ifm.net.nz/cookbooks/meraki-vpn-to-azure.html 

JimmyPhelan
Getting noticed

I'm going to play the pure Meraki card here.

Option 1 - vMX in Azure will do your AutoVPN to all participating networks.

Option 2 - Beta Firmware (15.xx) and Azure VPN Gateway - I have done this, it is simple enough, but I've found that the tunnels were either a) really stable or b) really not.

The vMX is not much more expensive than a standard VPN Gateway, and if you couple a Reserved Instance with the vMX, it is very compelling.

The other alternative is AZURE VIRTUAL WAN!! And if you do get that working, please let us know your experience.

I have to say, Philip's method is one I'm going to investigate however!

Mloraditch
A model citizen

So thanks all. Option 2 that @JimmyPhelan mentioned is what I believe this vendor is saying. I much prefer vMX and have used it before and will stick with that if at all possible. I don't control the Azure environment in question so some negotiation will be necessary.

KJK
Just browsing

Mloraditch, I am trying just to get one Meraki 64 to work on a policy-based VPN. I have set up a new resource group for testing as outlined here http://arnaudpain.com/2019/08/27/azure-and-cisco-meraki-mx80-site-to-site-step-by-step-guide/#sthash... and my theory was to create another Public IP address in this group once I get this working. Unfortunately I see the Meraki saying connected but not the Azure, which says connecting.

I even tried this https://www.virtualizationhowto.com/2017/08/configure-meraki-to-azure-site-to-site-vpn/ as one of the opening lines is "Meraki is notoriously easy to". Oh no it isn't.

Maybe Philip can help: https://community.meraki.com/t5/Security-SD-WAN/Azure-VPNs/m-p/3201#M854

Anybody get this working would be great.

Kevin
