cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

VMX setup with existing NVA in place

robfromsc
Conversationalist

VMX setup with existing NVA in place

Does anyone have any experience or recommendations setting up a vmx 100 in an existing Azure environment with every node already pointing to a palo alto firewall via udr?  We have an express route circuit but eventually want to get rid of it and use the vmx100 as a hub instead of placing another in our data center.   I'm trying to understand the logical placement of the vmx100 and having traffic flowing to and from the existing palo alto firewall (nva). 

 

Thanks in advance. 

1 REPLY 1
GIdenJoe
Head in the Cloud

Re: VMX setup with existing NVA in place

Your vMX will have it's own IP in an Azure network and you'll need to route packets from the Pa towards the IP of the vMX towards all spoke networks.

 

You can achieve this using a few static supernet routes or using BGP if it is possible to peer with the Pa to exchange routes that way.

Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.