Working with a client that currently has some servers running in Azure. We currently have a site to site VPN set up and working, but it is only between the main office and Azure, the remote locations cannot reach it. They are wanting to change that by installing the vMX100 in their Azure instance. While it is easy to understand the Meraki licensing cost for the vMX, we have no idea what to expect the Azure costs to be. So, I am curious if anyone that has this set up can tell me what the licensing model is that they are using and what it is costing them monthly? Of course this will ultimately depend on how much traffic is going through it, so if you can estimate that or describe how you are using it, it will really help us to understand the long terms costs.
Old post here, but hoping you see the reply. wanted to see if you are still running vMX in Azure and what current base costs are like?
Can vMX in Azure be used in conjunction with Azure VPN Gateway to send traffic out to a non-Meraki VPN endpoint connected to Azure? Idea here would be MX/Z devices would AutoVPN to vMX in Azure and then it would route over VPN using Azure VPN Gateway out of Azure to a non-Meraki device in a 3rd party datacenter.
I don't see why it wouldn't. You can add a non-meraki VPN peer to the vMX, define the remote subnets and the routing should take care of itself. I believe you could also setup OSPF to assist, but not certain how that works with non-meraki VPN's.
FYI, for us, the vMX solution has been very solid. Haven't done much with it as it pretty much manages itself. With 30+ endpoints and growing on our VPN, it makes adding locations transparent.
Terminaing the non-Meraki VPN on peer on the vMX won't work based on my current experience, which is why I am asking about Azure VPN Gateway in the mix.
Right now I am using hub/spoke with my remote offices/teleworkers (MX/Z-spokes) connecting to my corporate office (MX-hub). At corporate I have a Fortigate firewall making a VPN tunnel to a 3rd party datacenter. I had do to it this way because non-meraki VPN routes are not advertised through Auto VPN and some of my spokes are dynamic IP or behind NAT devices, so I have no way to terminate the non-Meraki VPN tunnel directly to all my spokes.
Thus, all my spokes route through corporate hub then hop over to FortiGate firewall to get out that 3rd party datacenter over VPN. I'd like to eliminate having to route the spokes through corporate hub, and was thinking of vMX in Azure.
@EvanM Yes, we still run the two vMX appliances that I referenced earlier. Current costs are in line with what I posted previously. They just work for us which has been great. Essentially no maintenance other than updating the Azure VPN subnet list when we've added additional subnets at other sites.