Meraki

Community
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

New S2S VPN between my Meraki Firewall and Azure

charlesfors
New here
‎Jun 12 2023 3:07 PM
‎Jun 12 2023 3:07 PM

New S2S VPN between my Meraki Firewall and Azure

Hello:

We are planning to do the setup of a new S2S VPN between our end (firewall MX84) and Azure

First I would like to explain to you the configuration that we want to implement on our end

1-Our firewall has two lines connected to the internet.

2-Currently, the principal line (Verizon) is UP and it is using a "Site to Site" VPN between our end and Azure cloud that allows the connection between our private network and Azure

3-Now we want to activate the Comcast line as a failover line, so in case the Verizon line goes down, Comcast line goes UP automatically and keep the "Site to Site" VPN connection working without interruption

My question is:
1-Do I have to configure BGP protocol (in our firewall and Azure end) to achieve the failover?

 

Thank you, Charles

0 Kudos
5 Replies 5
alemabrahao
Kind of a big deal
Kind of a big deal
‎Jun 12 2023 3:12 PM
‎Jun 12 2023 3:12 PM

 

Maybe it will help you.

 

Screenshot_20230612-191107.png

 

https://community.meraki.com/t5/Security-SD-WAN/Meraki-MX-250-HA-pair-and-Azure-VPN-Gateways-IPSEC-f...

I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.
0 Kudos
In response to alemabrahao
alemabrahao
Kind of a big deal
Kind of a big deal
‎Jun 12 2023 3:18 PM
‎Jun 12 2023 3:18 PM

Is the vMX on Azure one option?

 

I think it's more simple.

I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.
0 Kudos
PhilipDAth
Kind of a big deal
Kind of a big deal
‎Jun 13 2023 2:38 AM
‎Jun 13 2023 2:38 AM

Using Azure, you might as well say the answer is no, because what you have to do to make it work is beyond most people.

 

If you value failover, buy a VMX-S.

https://meraki.cisco.com/product/security-sd-wan/virtual-appliances/vmx-small/ 

GreenMan
Meraki Employee
Meraki Employee
‎Jun 13 2023 4:53 AM
‎Jun 13 2023 4:53 AM

What @PhilipDAth said...    you likely will not get this working how you would desire using non-Meraki VPN.   If you purchase VMX (particularly if you purchase two, for resilience) it will be miles simpler, more resilient and provide you policy and performance routing too.

https://documentation.meraki.com/MX/MX_Installation_Guides/vMX_Setup_Guide_for_Microsoft_Azure 

https://documentation.meraki.com/MX/Deployment_Guides/vMX_and_Azure_Route_Server

https://documentation.meraki.com/MX/Networks_and_Routing/Border_Gateway_Protocol_(BGP)

https://documentation.meraki.com/MX/Firewall_and_Traffic_Shaping/SD-WAN_and_Traffic_Shaping

 

 

jimmyt234
Building a reputation
‎Jun 14 2023 8:55 AM
‎Jun 14 2023 8:55 AM

Configure your Azure connection to the Dynamic DNS hostname of the MX, this will auto-failover, albeit rather slowly.

 

The real, elegant solution is to deploy a vMX in Azure. 

0 Kudos
Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels
© 2024 Cisco Systems, Inc.