Hi,
I have an MX67W on trial. We are looking at rolling out five of these to small offices for a company we support. Amongst other features, the VPN is key to the Meraki device being suitable. I have found an online guide for setting up the VPN and it doesn't seem to want to play ball. I then discovered the following MS document that states Meraki isn't compatible:
https://docs.microsoft.com/en-us/azure/vpn-gateway/vpn-gateway-about-vpn-devices
Can anyone advise if they have a working Meraki/Azure VPN from an MX device? Is it supported?
Would the vMX be an alternative?
Cheers
Phil
Options to consider:
1- Policy Based VPN
https://www.virtualizationhowto.com/2017/08/configure-meraki-to-azure-site-to-site-vpn/
2- Custom Azure VPN Setup
http://www.ifm.net.nz/cookbooks/meraki-vpn-to-azure.html
3- vMX100
https://documentation.meraki.com/MX/Installation_Guides/vMX100_Setup_Guide_for_Microsoft_Azure
If each site needs connectivity back to the same thing in Azure, I'd explore the vMX if you can swing the cost.
Yeah, you can use several virtual firewalls to connect to in Azure like a pfsense for example but... if you do then you don't get the benefits of SD-WAN. So you can't do two simultaneous tunnels if you would have two WAN connections per site with policies which traffic uses which uplink under what performance circumstances.
The vMX provides a virtual appliance that you can do AutoVPN to. So you don't need to worry about switching IPs when an uplink goes down.
Thank you for the responses.
My main concern is that MS don't list Meraki as a supported VPN solution. I know there are multiple guides online but from an enterprise point of view implementing a "non-supported" solution is something we can't do.
Does anyone know why this would be?
Azure by default uses some sort of VPN gateway where you can either connect 1 tunnel using policy-based IKEv1 or, if you need multiple sites, IKEv2 route-based VPNs.
At this time Meraki MX platforms do not support IKEv2 negotiation yet (there is a closed beta running I heard).
So you can't use the native VPN gateway of Azure.
You can however spin up a virtual firewall that does support the Meraki sites to connect to Azure.
Preferably a vMX as I mentioned in my previous post, but you'll have to license it and spend money on the needed resources to run it.
Does anyone know when the beta functionality may be released out as part of a stable release?
As the Meraki devices are still not shown on the list of compatible devices (https://docs.microsoft.com/en-us/azure/vpn-gateway/vpn-gateway-about-vpn-devices) I'm having to look at other options:
Cisco | Meraki | N/A | Not compatible | Not compatible |
As Meraki devices are clearly not officially supported by MS, my organisation are unwilling to go with an MX device. It's very frustrating as I expect having an IKEv2 VPN to Azure is quite a common requirement.