cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Azure VPNs

SOLVED
Highlighted
Here to help

Azure VPNs

I was looking into options for a design that has multiple MX65 firewalls that need to connect to an Azure tenant. The official documentation does not mention Meraki as a supported/tested VPN device so I'm wondering if anyone has been able to make it work.

 

Basic requirements for the design are hub spoke VPN topology but a full mesh would also work.

 

I know the vMX100 will be available soon but some organizations will find the extra cost of the VM and the Meraki licensing.

 

What have others done with MXs and Azure?

1 ACCEPTED SOLUTION

Accepted Solutions
Highlighted
Kind of a big deal

Re: Azure VPNs

You have to create a "Policy Base VPN" in Azure.  Then you can build the VPN directly from Meraki to Azure.

View solution in original post

13 REPLIES 13
Highlighted
Kind of a big deal

Re: Azure VPNs

You have to create a "Policy Base VPN" in Azure.  Then you can build the VPN directly from Meraki to Azure.

View solution in original post

Highlighted
Conversationalist

Re: Azure VPNs

Sure you can create a policy based VPN to azure, but be aware that if you require more bandwidth for your VPN or want to add multiple s2s VPNs to azure or add p2s VPNs to azure this policy based VPN is not a solution. Than you need a route based VPN or need to add a vMX100 in azure (which will cost extra)
Highlighted
Conversationalist

Re: Azure VPNs

Sure you can create a policy based VPN to azure, but be aware that if you require more bandwidth for your VPN or want to add multiple s2s VPNs to azure or add p2s VPNs to azure this policy based VPN is not a solution you want. Than you need a route based VPN or need to add a vMX100 in azure (which will cost extra)
Highlighted
Comes here often

Re: Azure VPNs

Azure Policy based VPN only supports one site, so multi site will not work. The new VPNGw1 would support more than 1 site, but it only supports IKEv2 and Meraki only supports IKEv1. so it will not work. 

 

If you want to use one location as main and route S2S to azure, Meraki does not support that.

 

The only choice is to use vMX100, however, that does not support CSP model and I have not heard any roadmap on that. 

Highlighted
Kind of a big deal

Re: Azure VPNs

Or you use the one of the cheapest options - Strongswan.  It will support as many sites as you want.

http://www.ifm.net.nz/cookbooks/meraki-vpn-to-azure.html

Highlighted
Getting noticed

Re: Azure VPNs

Still wish Meraki will simply make IKEv2 soon for MX.
Highlighted
Head in the Cloud

Re: Azure VPNs

You could also look at deploying the vMX100 inside a Azure VNET. I've not done it with Azure however have set it up within AWS. It's pretty simple,  just requires VPC with a IGW created and then subnets behind the xVM100, just change their route tables to point to the interface of the VMX100. I can imagine the setup is identical in Azure just with the Azure equivalents. 

 

If you're looking at deploying quite a few Meraki sites, rather than having to manually create VPN's from each of them an vMX100 and Auto-VPN would be the way to go. otherwise if it's a small amount, I don't know if you'd be able to justify the cost (vMX100 license, running costs) etc as effectively it's just working as a VPN concentrator.

Eliot F | Simplifying IT with Cloud Solutions
Found this helpful? Give me some Kudos! (click on the little up-arrow below)
Highlighted
New here

Re: Azure VPNs

Highlighted
Getting noticed

Re: Azure VPNs

get ikev2 activeted from meraki support on your MX to use azure route based vpn gateway.

Highlighted
Comes here often

Re: Azure VPNs

I'm wondering if Meraki activates IKEv2, will I be able to connect to Azure VPN gateway configured in a  Route-base mode?

Highlighted
Here to help

Re: Azure VPNs

Yes. It is not yet on the official Azure supported hardware list but it does work.

Highlighted
Getting noticed

Re: Azure VPNs

yes, you can.
Highlighted
Here to help

Re: Azure VPNs

As of may 2020, I was able to create a connected vpn with Azure that worked by configuring this way :

 

 

Azure : routed-based vpn IKEv1

 

Meraki : Azure preset, but deleting the MD5 in phase 2

 

 

 

Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.