Meraki Community
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Using vMX at the Azure Cloud

JPScolar
Here to help
‎Sep 7 2023 8:44 AM
‎Sep 7 2023 8:44 AM

Using vMX at the Azure Cloud

Hello, 

 

I want to migrate a Cisco DMVPN  network to a Meraki MX SD-WAN network.  DMVPN main hubs are at a Service Provider Data Center, which in turn, provides an Express Route connection to an Azure private cloud where all services are located. 

 

I would like to build an vMX VNET at the Azure Cloud and use BGP to route to other VNETs (workload). This way I will remove the Service provider dependency.

 

Any advise, comments, suggestions on the diffificulties of implemnting this type of network. Any thing in particular I need to pay attention to?   

Thank you for your help. 

Juan-Carlos Perez
Labels:
0 Kudos
Subscribe
3 Replies 3
PhilipDAth
Kind of a big deal
Kind of a big deal
‎Sep 7 2023 12:29 PM
‎Sep 7 2023 12:29 PM

Some tips:

  • Before deploying the VMX create a dedicated subnet to put it into.  Or, worst case, absolutely do not put it into a subnet that servers are located in which users will need access to.  If you break this rule you can experience low levels of intermittent packet loss.
  • When deploying, the instructions say to select an availability zone - don't do this.  Select none.  If you select an available zone you get "Standard IP SKU" which blocks all inbound access.  This reduces the reliability and functionality of the VMX (for example you can't enable AnyConnect, and increases the time for some AutoVPN failure cases to recover)
  • Configure a manual NAT traversal using a specific port, say udp/10000.  Make sure you allow this port in using the Azure network security group.  Doing this allows the system to recover from AutoVPN failures much quicker.
  • The default configuration deploys the VMX in NAT mode now (bad change Meraki ...).  Once deployed you can't change this without deleting the VMX and re-deploying.  So before deploying change the VMX mode back to VPN concentrator mode.
Subscribe
PhilipDAth
Kind of a big deal
Kind of a big deal
‎Sep 7 2023 12:30 PM
‎Sep 7 2023 12:30 PM

Also read over these instructions about using BGP in Azure.

https://documentation.meraki.com/MX/Deployment_Guides/vMX_and_Azure_Route_Server 

0 Kudos
Subscribe
JPScolar
Here to help
‎Sep 7 2023 3:04 PM
‎Sep 7 2023 3:04 PM

PhilipDAth. Thank you for your comments. So, basically the vMX Sjould remain as VPN Concentrator, right?  How about the Firewalling?   I would need a FW inf front of the vMX.  Or if this is only Auto-VPN tunnels, could I get by without a firewall? 

Juan-Carlos Perez
0 Kudos
Subscribe
Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels
© 2024 Cisco Systems, Inc.