MX67W - VPN to Azure

PJ51182
Getting noticed

MX67W - VPN to Azure

Hi,

 

I have a MX67W on trial.  We are looking at rolling out five of these to small offices for a company we support.  Amongst other features the VPN is key to the Meraki device being suitable.  I have found an online guide for setting up the VPN and it doesn't seem to want to play ball.  I then discovered  the following MS document that states Meraki isn't compatible:

 

https://docs.microsoft.com/en-us/azure/vpn-gateway/vpn-gateway-about-vpn-devices

 

Can anyone advise if they have a working Meraki/Azure VPN from a MX device working?  Is it supported? 

 

Would the vMX be an alternative? 

 

Cheers

 

Phil 

6 Replies 6
Nash
Kind of a big deal

If each site needs connectivity back to the same thing in Azure, I'd explore the vMX if you can swing the cost.

GIdenJoe
Kind of a big deal
Kind of a big deal

Yeah, you can use several virtual firewalls to connect to in Azure like a pfsense for example but... if you do then you don't get the benefits of SD-WAN.  So you can't do two simultaneous tunnels if you would have two WAN connections per site with policies which traffic uses which uplink under what performance circumstances.

The vMX provides a virtual appliance where you can do autoVPN to.  So you don't need to worry about switching IP's when an uplink goes down.

PJ51182
Getting noticed

Thank You for responses. 

 

My main concern is that MS don't list Meraki as a supported VPN solution.  I know there are multiple guides online but from an enterprise point of view implementing a "non-supported" solution is something we can't do.

 

Does anyone know why this would be?

GIdenJoe
Kind of a big deal
Kind of a big deal

Azure by default uses some sort of VPN gateway where you can OR connect 1 tunnel using policy based IKEv1 or if you need multiple sites IKEv2 route based VPNs.

At this time Meraki MX platforms do not support IKEv2 negotiation yet (there is a closed beta running I heard).

So you can't use the native VPN gateway of Azure.
You can however spin up a virtual firewall that does support the Meraki sites to connect to Azure.
Preferable a vMX as I mentioned in my previous post but you'll have to license it and spend money on the needed resources to run it.

Does anyone know when the beta functionality may be released out as part of a stable release?

 

As the Meraki devices are still not shown on the list of compatible devices (https://docs.microsoft.com/en-us/azure/vpn-gateway/vpn-gateway-about-vpn-devices) I'm having top look at other options:

 

CiscoMerakiN/ANot compatibleNot compatible

 

As Meraki devices are clearly not officially supported by MS my organisation are unwilling to go with a MX device.  It's very frustrating as I expect having an IKEv2 VPN to Azure is quite a common requirement. 

 

Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels