How can the vMX function as a "secure cloud gateway for a cloud environment"?

manilovefrogs
New here

Hey there. I see this documentation on NAT mode use cases for the vMX: https://documentation.meraki.com/MX/Other_Topics/vMX_NAT_Mode_Use_Cases_and_FAQ

It kind of lumps "app" "app" "app" "app" together and glosses over how VNET workloads might connect. It has instructions to apply a route to a single "LAN subnet", but then later says "Once, the vMX is deployed in NAT it can essentially act as the Gateway for your VPC/VNET cloud resources.....the default VPC routes should suffice"

How do other subnets in the VNET get routed, or is it only functioning as the gateway for a single subnet? Also how could other workload VNETs route through it?

There is also this document about deploying a vMX with Azure vWAN: vMX and Azure vWAN - Cisco Meraki Documentation. However this diagram does not include any egress/internet traffic, nor does it go into the Azure routes that would be needed to have multiple workload VNETs route through the vMX as a gateway. It appears to be discussing a VPN concentrator setup.

Does the vMX in NAT/Routed mode actually support a scenario as advertised "This greatly simplifies cloud deployments and let's customers use the vMX as a secure cloud gateway for their cloud environments."? A single subnet in Azure or AWS is not a 'cloud environment'.

I know that you can technically use UDRs and static routes or BGP to route through the vMX for egress, but is this actually supported by Meraki? Where is the documentation on it?

PhilipDAth
Kind of a big deal

Personally, I would stick to using it as a VPN gateway for SD-WAN unless you really need NAT functionality.

>This greatly simplifies cloud deployments

In my personal opinion, it makes it more complicated.

To date, I have only done VPN concentrator deployments for vMX.

manilovefrogs
New here

Thanks, we do have requirements for something like advanced security on certain traffic, and my industry does have certain compliance requirements and audits. Since we already have multiple MX in physical location I'd like to keep it to one vendor...but it needs to be something with official support and documentation, not something I taped together based on community forum posts haha
