Regarding the setting of vMX on Azure, it's described as follows in Meraki formal guide.

ksmiii
New here

Regarding the setting of vMX on Azure, it's described as follows in Meraki formal guide.

- Finally, associate the Route Table with the subnet where the vMX was deployed. Click on "Subnets" and then "Associate."
- Choose the virtual network where the vMX was deployed, then choose the subnet used to deploy the vMX and click "OK."

I tried several times associating vMX subnet to Route Table according to the above instruction, but it failed for some reason. The error message on Azure is here(Partially I've translated from Japanese to English). I recognize that the Resource Group for vMX is managed one, thus most of the settings are read-only, yet I guess this route table setting is exceptional.

"Couldn't save the route table of subnet 'vmx-subnet'. Error: Object ID 'xxxx(omit)' Client 'xxx.onmicrosoft.com' has access grant for the action 'Microsoft.Network/virtualNetworks/subnets/write' in the scope 'mrg-cisco-meraki-vmx-xxx/providers/Microsoft.Network/virtualNetworks/vmx-vnet/subnets/vmx-subnet'>vmx-vnet/vmx-subnet' , but scope '/subscriptions/xxx/resourceGroups/mrg-cisco-meraki-vmx-xxx' whose name is 'System deny assignment created by managed application /subscriptions/xxx/resourceGroups/5g-test/providers/Microsoft.Solutions/applications/MerakivMX' and ID 'xxx' were denied due to those assignment, the access was denied"

And I'm not sure if this leads, but an access from local PC to the VM on Azure whose subnet is registered explicitly on Azure Route Table and Meraki Dashboard(local NW) seems to be a problem, even though Client VPN access can be check OK in case its destination is behind Meraki MX(on premise).

 

Below is complementary information.

-I already succeeded deploying vMX instance as follows whose Resource Group is separated.

-In the Route Table, I designated Route from Meraki Appliance to vMX and confirmed Site-to-Site VPN is correctly working.

-Network which is hosted by Meraki Appliance and VPN status to vMX seems to be ok.

-Local network setting is done on Meraki dashboard which is also associated in the Route Table on Azure.


Would you be able to give me some advice to solve this issue?
Thank you.

4 REPLIES 4
PhilipDAth
Kind of a big deal
Kind of a big deal

When deploying the VMX there is an option (in Azure) under Advanced somewhere, that lets you select an existing vNet.  You need to use that to connect it to your existing network.  Alas, this is a setting you can't change after deployment.  You have to delete and start again.

 

It's not indicated that clearly, but its:

"Virtual network: Choose an existing virtual network from the list; minimum allowed prefix size for the virtual network is /24 and max is /8"

https://documentation.meraki.com/MX/MX_Installation_Guides/vMX_Setup_Guide_for_Microsoft_Azure#Azure... 

The "existing" word is the key.

Thanks for your advice. I could solve this issue, thank you!

AaronDo
Here to help

You can also use a peering from inside a new virtual network created for the VMX. 

PhilipDAth
Kind of a big deal
Kind of a big deal

I believe this is now the preferred approach.

Get notified when there are additional replies to this discussion.