Meraki

Community

Azure VPNs

Solved
MJPAGAN
Here to help
‎Oct 12 2017 9:14 PM
‎Oct 12 2017 9:14 PM

Azure VPNs

I was looking into options for a design that has multiple MX65 firewalls that need to connect to an Azure tenant. The official documentation does not mention Meraki as a supported/tested VPN device so I'm wondering if anyone has been able to make it work.

 

Basic requirements for the design are hub spoke VPN topology but a full mesh would also work.

 

I know the vMX100 will be available soon but some organizations will find the extra cost of the VM and the Meraki licensing.

 

What have others done with MXs and Azure?

Labels:
0 Kudos
1 Accepted Solution
PhilipDAth
Kind of a big deal
Kind of a big deal
‎Oct 12 2017 9:23 PM
‎Oct 12 2017 9:23 PM

You have to create a "Policy Base VPN" in Azure.  Then you can build the VPN directly from Meraki to Azure.

View solution in original post

16 Replies 16
PhilipDAth
Kind of a big deal
Kind of a big deal
‎Oct 12 2017 9:23 PM
‎Oct 12 2017 9:23 PM

You have to create a "Policy Base VPN" in Azure.  Then you can build the VPN directly from Meraki to Azure.

In response to PhilipDAth
Reinout
Here to help
‎Oct 27 2017 6:14 PM
‎Oct 27 2017 6:14 PM

Sure you can create a policy based VPN to azure, but be aware that if you require more bandwidth for your VPN or want to add multiple s2s VPNs to azure or add p2s VPNs to azure this policy based VPN is not a solution. Than you need a route based VPN or need to add a vMX100 in azure (which will cost extra)
0 Kudos
In response to PhilipDAth
Reinout
Here to help
‎Oct 27 2017 6:16 PM
‎Oct 27 2017 6:16 PM

Sure you can create a policy based VPN to azure, but be aware that if you require more bandwidth for your VPN or want to add multiple s2s VPNs to azure or add p2s VPNs to azure this policy based VPN is not a solution you want. Than you need a route based VPN or need to add a vMX100 in azure (which will cost extra)
0 Kudos
In response to Reinout
JohnS
Comes here often
‎Jan 24 2018 5:51 PM
‎Jan 24 2018 5:51 PM

Azure Policy based VPN only supports one site, so multi site will not work. The new VPNGw1 would support more than 1 site, but it only supports IKEv2 and Meraki only supports IKEv1. so it will not work. 

 

If you want to use one location as main and route S2S to azure, Meraki does not support that.

 

The only choice is to use vMX100, however, that does not support CSP model and I have not heard any roadmap on that. 

0 Kudos
In response to JohnS
PhilipDAth
Kind of a big deal
Kind of a big deal
‎Jan 24 2018 5:52 PM
‎Jan 24 2018 5:52 PM

Or you use the one of the cheapest options - Strongswan.  It will support as many sites as you want.

http://www.ifm.net.nz/cookbooks/meraki-vpn-to-azure.html

In response to PhilipDAth
wey2go
Getting noticed
‎Jan 26 2018 4:24 AM
‎Jan 26 2018 4:24 AM

Still wish Meraki will simply make IKEv2 soon for MX.
0 Kudos
MilesMeraki
Head in the Cloud
‎Oct 13 2017 4:04 AM
‎Oct 13 2017 4:04 AM

You could also look at deploying the vMX100 inside a Azure VNET. I've not done it with Azure however have set it up within AWS. It's pretty simple,  just requires VPC with a IGW created and then subnets behind the xVM100, just change their route tables to point to the interface of the VMX100. I can imagine the setup is identical in Azure just with the Azure equivalents. 

 

If you're looking at deploying quite a few Meraki sites, rather than having to manually create VPN's from each of them an vMX100 and Auto-VPN would be the way to go. otherwise if it's a small amount, I don't know if you'd be able to justify the cost (vMX100 license, running costs) etc as effectively it's just working as a VPN concentrator.

Eliot F | Simplifying IT with Cloud Solutions
Found this helpful? Give me some Kudos! (click on the little up-arrow below)
Ducam
Just browsing
‎Mar 13 2018 3:06 PM
‎Mar 13 2018 3:06 PM

This article worked for me.

 

https://www.virtualizationhowto.com/2017/08/configure-meraki-to-azure-site-to-site-vpn/

0 Kudos
Mateen
Getting noticed
‎Mar 10 2020 1:15 PM
‎Mar 10 2020 1:15 PM

get ikev2 activeted from meraki support on your MX to use azure route based vpn gateway.

0 Kudos
In response to Mateen
Synnapex
Comes here often
‎Mar 12 2020 2:29 PM
‎Mar 12 2020 2:29 PM

I'm wondering if Meraki activates IKEv2, will I be able to connect to Azure VPN gateway configured in a  Route-base mode?

0 Kudos
In response to Synnapex
MattPainter
Here to help
‎Mar 12 2020 2:32 PM
‎Mar 12 2020 2:32 PM

Yes. It is not yet on the official Azure supported hardware list but it does work.

0 Kudos
In response to Synnapex
Mateen
Getting noticed
‎Mar 13 2020 11:06 PM
‎Mar 13 2020 11:06 PM

yes, you can.
0 Kudos
In response to Synnapex
Jeizzen
Getting noticed
‎May 28 2020 8:16 AM
‎May 28 2020 8:16 AM

As of may 2020, I was able to create a connected vpn with Azure that worked by configuring this way :

 

 

Azure : routed-based vpn IKEv1

 

Meraki : Azure preset, but deleting the MD5 in phase 2

 

 

 

0 Kudos
In response to Jeizzen
RubenL
Conversationalist
‎Jun 25 2020 7:47 AM
‎Jun 25 2020 7:47 AM

Hi  Jeizzen,

 

Do you have 2 tunnels(2 remote locations connecting back to Azure) or just one?

 

0 Kudos
In response to RubenL
Mateen
Getting noticed
‎Jun 25 2020 7:57 AM
‎Jun 25 2020 7:57 AM

have 6 route based ikev2 tunnels. one from each location connecting back to azure vpn gw.

In response to RubenL
Jeizzen
Getting noticed
‎Jun 29 2020 6:36 AM
‎Jun 29 2020 6:36 AM

Hi RubenL

 

Only one tunnel

0 Kudos
Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels
© 2024 Cisco Systems, Inc.