Best way to connect to Azure Server

Comes here often

Best way to connect to Azure Server

I see 4 options to be able to communicate from On Prem to Azure. 


  1. VPN Tunnel from On Prem to Azure
    1. Convoluted and not actually supported by Azure
  2. Startup Script on Azure VM that logs into Client VPN, with new user credentials
    1. Works well, but depends on startup script to automatically connect to VPN
  3. Setup a vMX100 in Azure and use it as a Spoke VPN with On Prem MX.
    1. Cost implications of running the vMX.
  4. Port forward outside ports on both sides to allow communication
    1. Don't like this method at all, but could be an option. 


What would be the best option to have network connectivity from On Prem to Azure servers?



8 Replies 8
A model citizen

I would lean toward the vMX in Azure. I think that will be the easiest to set up and maintain. The troubleshooting will be a lot easier should you have any communication issues and being able to easily see uptime and VPN connectivity will make your life a lot easier.

Kind of a big deal
Kind of a big deal

We tend to use Strongswan on Ubuntu in Azure for this (when there are only a small number of MX's and they have static IP addresses).  It is rock solid reliable.

Getting noticed

We want Meraki MX to have IKE V2.


Meraki still listed as "Not compatible".

Getting noticed

ikev2 can be activated on MX via support and it works fine.

I would be careful with the "works fine" as i have seen stability on the tunnel being an issue, and you need to put Beta firmware on your MX, which can be a major issue for end users with Compliance requirements.


What services are on the server that you want to access? That is a key consideration of this.


1. The vMX is the most reliable method, but remember it is only a VPN concentrator, not a firewall

2. IKEv1 VPN Gateway in Azure, costs ~€120 per month.

3. Beta Mode, Support Request for IKEv2, and same VPN Gateway

4. Give the server a public IP in Azure, and lock down the NSG rules to your external ip?

Getting noticed

agreed. vMX is ideal.
Getting noticed

I dont want to hijack this thread, but another option that I would like to try and bottom out is a BGP Route from Azure VPN Gateway.


Here in Ireland getting a circuit AS is not trivial, we typically have PPPoE WAN or similar. 


However we recently took on some people from South Africa who were asking why we dont use BGP more, and I recalled that we looked at have redundant failover connectivity from an Azure VPN Gateway to an MX using BGP. We never proceeded, as the vMX was cheaper


I have been told that enabling BGB on Meraki is as simple as asking.


Has anyone ever performed this?

New here

Hi matt20dion


Any luck on this issue?


I have the same problem using the same instructions as well as others I found. I have reviewed my setup like 4 times with no luck..


The documentation seems to be missing something or be incorrect as the other walkthroughs I found said I needed to use a policy based gateway and the Meraki instructions said routed.


Issue I found though is that policy based only allowed me to use a basic gen1 vpn which is not compatible with IKEv2.


Stuck on this one.

Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.