I was looking into options for a design that has multiple MX65 firewalls that need to connect to an Azure tenant. The official documentation does not mention Meraki as a supported/tested VPN device so I'm wondering if anyone has been able to make it work.
Basic requirements for the design are hub spoke VPN topology but a full mesh would also work.
I know the vMX100 will be available soon but some organizations will find the extra cost of the VM and the Meraki licensing.
What have others done with MXs and Azure?
Solved! Go to Solution.
You could also look at deploying the vMX100 inside a Azure VNET. I've not done it with Azure however have set it up within AWS. It's pretty simple, just requires VPC with a IGW created and then subnets behind the xVM100, just change their route tables to point to the interface of the VMX100. I can imagine the setup is identical in Azure just with the Azure equivalents.
If you're looking at deploying quite a few Meraki sites, rather than having to manually create VPN's from each of them an vMX100 and Auto-VPN would be the way to go. otherwise if it's a small amount, I don't know if you'd be able to justify the cost (vMX100 license, running costs) etc as effectively it's just working as a VPN concentrator.
Azure Policy based VPN only supports one site, so multi site will not work. The new VPNGw1 would support more than 1 site, but it only supports IKEv2 and Meraki only supports IKEv1. so it will not work.
If you want to use one location as main and route S2S to azure, Meraki does not support that.
The only choice is to use vMX100, however, that does not support CSP model and I have not heard any roadmap on that.
Or you use the one of the cheapest options - Strongswan. It will support as many sites as you want.
As of may 2020, I was able to create a connected vpn with Azure that worked by configuring this way :
Azure : routed-based vpn IKEv1
Meraki : Azure preset, but deleting the MD5 in phase 2