cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Azure VPNs

SOLVED
Highlighted
Here to help

Azure VPNs

I was looking into options for a design that has multiple MX65 firewalls that need to connect to an Azure tenant. The official documentation does not mention Meraki as a supported/tested VPN device so I'm wondering if anyone has been able to make it work.

 

Basic requirements for the design are hub spoke VPN topology but a full mesh would also work.

 

I know the vMX100 will be available soon but some organizations will find the extra cost of the VM and the Meraki licensing.

 

What have others done with MXs and Azure?

1 ACCEPTED SOLUTION

Accepted Solutions
Kind of a big deal

Re: Azure VPNs

You have to create a "Policy Base VPN" in Azure.  Then you can build the VPN directly from Meraki to Azure.

8 REPLIES 8
Kind of a big deal

Re: Azure VPNs

You have to create a "Policy Base VPN" in Azure.  Then you can build the VPN directly from Meraki to Azure.

Conversationalist

Re: Azure VPNs

Sure you can create a policy based VPN to azure, but be aware that if you require more bandwidth for your VPN or want to add multiple s2s VPNs to azure or add p2s VPNs to azure this policy based VPN is not a solution. Than you need a route based VPN or need to add a vMX100 in azure (which will cost extra)
Conversationalist

Re: Azure VPNs

Sure you can create a policy based VPN to azure, but be aware that if you require more bandwidth for your VPN or want to add multiple s2s VPNs to azure or add p2s VPNs to azure this policy based VPN is not a solution you want. Than you need a route based VPN or need to add a vMX100 in azure (which will cost extra)
Comes here often

Re: Azure VPNs

Azure Policy based VPN only supports one site, so multi site will not work. The new VPNGw1 would support more than 1 site, but it only supports IKEv2 and Meraki only supports IKEv1. so it will not work. 

 

If you want to use one location as main and route S2S to azure, Meraki does not support that.

 

The only choice is to use vMX100, however, that does not support CSP model and I have not heard any roadmap on that. 

Kind of a big deal

Re: Azure VPNs

Or you use the one of the cheapest options - Strongswan.  It will support as many sites as you want.

http://www.ifm.net.nz/cookbooks/meraki-vpn-to-azure.html

Getting noticed

Re: Azure VPNs

Still wish Meraki will simply make IKEv2 soon for MX.
Head in the Cloud

Re: Azure VPNs

You could also look at deploying the vMX100 inside a Azure VNET. I've not done it with Azure however have set it up within AWS. It's pretty simple,  just requires VPC with a IGW created and then subnets behind the xVM100, just change their route tables to point to the interface of the VMX100. I can imagine the setup is identical in Azure just with the Azure equivalents. 

 

If you're looking at deploying quite a few Meraki sites, rather than having to manually create VPN's from each of them an vMX100 and Auto-VPN would be the way to go. otherwise if it's a small amount, I don't know if you'd be able to justify the cost (vMX100 license, running costs) etc as effectively it's just working as a VPN concentrator.

Eliot F | Simplifying IT with Cloud Solutions
Found this helpful? Give me some Kudos! (click on the little up-arrow below)
New here

Re: Azure VPNs

Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.