Azure vMX Routed mode & split-tunneling

dmbooth
Getting noticed

Hi,

On review of the vMX Setup Guide for Azure, we were disappointed to find that you can't have a vMX in Azure in Routed Mode and do AutoVPN split tunnelling. We can understand why dashboard might need work to enable this (you'd need the table under VPN Settings to manually define local networks that you normally only see in Passthrough mode) but can't imagine we're the only ones that see this as a big miss. Is it likely that this limitation will be fixed? Can anyone comment? Thanks.

alemabrahao
Kind of a big deal

I don't know if this is a limitation; I believe that perhaps the purpose of vMX isn't that, but rather simply to facilitate communication with your Azure environment, so for that, Routed mode isn't necessary.

I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.
dmbooth
Getting noticed

Yeah, we're familiar with vMX in Azure in Passthrough mode for AutoVPN connectivity; that's how we've always done them in the past. But a customer has seen vMX can now be in Routed mode, and wants to use it as a NATing gateway alongside AutoVPN. Not being able to split-tunnel is now a problem.

PhilipDAth
Kind of a big deal

Are you using full tunnel AutoVPN mode? Do you need to use full tunnel mode?

If you do need to use full tunnel for AutoVPN, you could look at the SD-WAN Plus licence, and look at local breakout.

https://documentation.meraki.com/Platform_Management/Product_Information/Licensing/Meraki_MX_Securit...

dmbooth
Getting noticed

No, we don't want to use Full Tunnel mode, but documentation says you have to use Full Tunnel mode on a vMX in Azure if you also want to use Routed mode (because the vMX won't advertise subnets). Routed mode is required because the vMX is replacing a competitor vendor equivalent which is doing NATing.

Local breakout is an option we hadn't considered, but that doesn't require SD-WAN Plus, I thought?

The other workaround we were considering would be to put the vMX in a separate org and configure non-Meraki VPN.
