cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Azure VPNs

SOLVED
Go to solution
MJPAGAN
Here to help
‎10-12-2017 09:14 PM
‎10-12-2017 09:14 PM

Azure VPNs

I was looking into options for a design that has multiple MX65 firewalls that need to connect to an Azure tenant. The official documentation does not mention Meraki as a supported/tested VPN device so I'm wondering if anyone has been able to make it work.

 

Basic requirements for the design are hub spoke VPN topology but a full mesh would also work.

 

I know the vMX100 will be available soon but some organizations will find the extra cost of the VM and the Meraki licensing.

 

What have others done with MXs and Azure?

Labels:
0 Kudos
Subscribe
1 ACCEPTED SOLUTION
PhilipDAth
Kind of a big deal
Kind of a big deal
‎10-12-2017 09:23 PM
‎10-12-2017 09:23 PM

You have to create a "Policy Base VPN" in Azure.  Then you can build the VPN directly from Meraki to Azure.

View solution in original post

Subscribe
16 REPLIES 16
PhilipDAth
Kind of a big deal
Kind of a big deal
‎10-12-2017 09:23 PM
‎10-12-2017 09:23 PM

You have to create a "Policy Base VPN" in Azure.  Then you can build the VPN directly from Meraki to Azure.

Subscribe
In response to PhilipDAth
Reinout
Here to help
‎10-27-2017 06:14 PM
‎10-27-2017 06:14 PM

Sure you can create a policy based VPN to azure, but be aware that if you require more bandwidth for your VPN or want to add multiple s2s VPNs to azure or add p2s VPNs to azure this policy based VPN is not a solution. Than you need a route based VPN or need to add a vMX100 in azure (which will cost extra)
0 Kudos
Subscribe
In response to PhilipDAth
Reinout
Here to help
‎10-27-2017 06:16 PM
‎10-27-2017 06:16 PM

Sure you can create a policy based VPN to azure, but be aware that if you require more bandwidth for your VPN or want to add multiple s2s VPNs to azure or add p2s VPNs to azure this policy based VPN is not a solution you want. Than you need a route based VPN or need to add a vMX100 in azure (which will cost extra)
0 Kudos
Subscribe
In response to Reinout
JohnS
Comes here often
‎01-24-2018 05:51 PM
‎01-24-2018 05:51 PM

Azure Policy based VPN only supports one site, so multi site will not work. The new VPNGw1 would support more than 1 site, but it only supports IKEv2 and Meraki only supports IKEv1. so it will not work. 

 

If you want to use one location as main and route S2S to azure, Meraki does not support that.

 

The only choice is to use vMX100, however, that does not support CSP model and I have not heard any roadmap on that. 

0 Kudos
Subscribe
In response to JohnS
PhilipDAth
Kind of a big deal
Kind of a big deal
‎01-24-2018 05:52 PM
‎01-24-2018 05:52 PM

Or you use the one of the cheapest options - Strongswan.  It will support as many sites as you want.

http://www.ifm.net.nz/cookbooks/meraki-vpn-to-azure.html

Subscribe
In response to PhilipDAth
wey2go
Getting noticed
‎01-26-2018 04:24 AM
‎01-26-2018 04:24 AM

Still wish Meraki will simply make IKEv2 soon for MX.
0 Kudos
Subscribe
MilesMeraki
Head in the Cloud
‎10-13-2017 04:04 AM
‎10-13-2017 04:04 AM

You could also look at deploying the vMX100 inside a Azure VNET. I've not done it with Azure however have set it up within AWS. It's pretty simple,  just requires VPC with a IGW created and then subnets behind the xVM100, just change their route tables to point to the interface of the VMX100. I can imagine the setup is identical in Azure just with the Azure equivalents. 

 

If you're looking at deploying quite a few Meraki sites, rather than having to manually create VPN's from each of them an vMX100 and Auto-VPN would be the way to go. otherwise if it's a small amount, I don't know if you'd be able to justify the cost (vMX100 license, running costs) etc as effectively it's just working as a VPN concentrator.

Eliot F | Simplifying IT with Cloud Solutions
Found this helpful? Give me some Kudos! (click on the little up-arrow below)
Subscribe
Ducam
Just browsing
‎03-13-2018 03:06 PM
‎03-13-2018 03:06 PM

This article worked for me.

 

https://www.virtualizationhowto.com/2017/08/configure-meraki-to-azure-site-to-site-vpn/

0 Kudos
Subscribe
Mateen
Getting noticed
‎03-10-2020 01:15 PM
‎03-10-2020 01:15 PM

get ikev2 activeted from meraki support on your MX to use azure route based vpn gateway.

0 Kudos
Subscribe
In response to Mateen
Synnapex
Comes here often
‎03-12-2020 02:29 PM
‎03-12-2020 02:29 PM

I'm wondering if Meraki activates IKEv2, will I be able to connect to Azure VPN gateway configured in a  Route-base mode?

0 Kudos
Subscribe
In response to Synnapex
MattPainter
Here to help
‎03-12-2020 02:32 PM
‎03-12-2020 02:32 PM

Yes. It is not yet on the official Azure supported hardware list but it does work.

0 Kudos
Subscribe
In response to Synnapex
Mateen
Getting noticed
‎03-13-2020 11:06 PM
‎03-13-2020 11:06 PM

yes, you can.
0 Kudos
Subscribe
In response to Synnapex
Jeizzen
Getting noticed
‎05-28-2020 08:16 AM
‎05-28-2020 08:16 AM

As of may 2020, I was able to create a connected vpn with Azure that worked by configuring this way :

 

 

Azure : routed-based vpn IKEv1

 

Meraki : Azure preset, but deleting the MD5 in phase 2

 

 

 

0 Kudos
Subscribe
In response to Jeizzen
RubenL
Conversationalist
‎06-25-2020 07:47 AM
‎06-25-2020 07:47 AM

Hi  Jeizzen,

 

Do you have 2 tunnels(2 remote locations connecting back to Azure) or just one?

 

0 Kudos
Subscribe
In response to RubenL
Mateen
Getting noticed
‎06-25-2020 07:57 AM
‎06-25-2020 07:57 AM

have 6 route based ikev2 tunnels. one from each location connecting back to azure vpn gw.

Subscribe
In response to RubenL
Jeizzen
Getting noticed
‎06-29-2020 06:36 AM
‎06-29-2020 06:36 AM

Hi RubenL

 

Only one tunnel

0 Kudos
Subscribe
Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels
© 2023 Meraki