I see 4 options to be able to communicate from On Prem to Azure.
What would be the best option to have network connectivity from On Prem to Azure servers?
Thanks
I would lean toward the vMX in Azure. I think that will be the easiest to set up and maintain. The troubleshooting will be a lot easier should you have any communication issues and being able to easily see uptime and VPN connectivity will make your life a lot easier.
We tend to use strongSwan on Ubuntu in Azure for this (when there are only a small number of MXs and they have static IP addresses). It is rock solid reliable.
We want Meraki MX to have IKE V2.
https://docs.microsoft.com/en-us/azure/vpn-gateway/vpn-gateway-about-vpn-devices
Meraki still listed as "Not compatible".
IKEv2 can be activated on MX via support and it works fine.
I would be careful with the "works fine", as I have seen stability on the tunnel being an issue, and you need to put beta firmware on your MX, which can be a major issue for end users with compliance requirements.
What services are on the server that you want to access? That is a key consideration of this.
1. The vMX is the most reliable method, but remember it is only a VPN concentrator, not a firewall.
2. IKEv1 VPN Gateway in Azure, costs ~€120 per month.
3. Beta mode, support request for IKEv2, and the same VPN Gateway.
4. Give the server a public IP in Azure, and lock down the NSG rules to your external IP?
I don't want to hijack this thread, but another option that I would like to try and bottom out is a BGP route from Azure VPN Gateway.
Here in Ireland getting a circuit AS is not trivial; we typically have PPPoE WAN or similar.
However, we recently took on some people from South Africa who were asking why we don't use BGP more, and I recalled that we looked at having redundant failover connectivity from an Azure VPN Gateway to an MX using BGP. We never proceeded, as the vMX was cheaper.
I have been told that enabling BGP on Meraki is as simple as asking.
Has anyone ever performed this?
Hi matt20dion
Any luck on this issue?
I have the same problem using the same instructions as well as others I found. I have reviewed my setup like 4 times with no luck.
The documentation seems to be missing something or be incorrect, as the other walkthroughs I found said I needed to use a policy-based gateway and the Meraki instructions said routed.
The issue I found, though, is that policy-based only allowed me to use a basic gen1 VPN, which is not compatible with IKEv2.
Stuck on this one.