Meraki

Community

GCP vMX Client VPN

DHAnderson
Head in the Cloud
‎Sep 21 2023 3:37 PM
‎Sep 21 2023 3:37 PM

GCP vMX Client VPN

I am testing out the capabilities of the vMX in Google Cloud.  I have successfully setup a site to site VPN to my office MX, and now I want to see if the vMX can act as just a Client VPN into Google Cloud.

 

This leaves me some questions:

  • Can the vMX provide a Client VPN when the vMX is in passthrough mode?
  • I presume I need to give the vMX a public IP address.  From a security point of view, is it safe to give it a public address.
Dave Anderson
0 Kudos
1 Reply 1
sthanhlam
Meraki Employee
Meraki Employee
‎Sep 22 2023 8:47 AM
‎Sep 22 2023 8:47 AM

I'm not sure about Google Cloud specifically, but most cloud providers (AWS/Azure) do not route private subnets behind the vMX (for example the client VPN subnet in this case) out to the internet. However, VPN clients are still able to access cloud resources if you configure routing correctly.

You can

(1) Split tunneling; or

(2) Turn the vMX to NAT mode, which is the default mode when you first spin it up. More info here: https://documentation.meraki.com/MX/Other_Topics/vMX_NAT_Mode_Use_Cases_and_FAQ

0 Kudos
Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels
© 2024 Cisco Systems, Inc.