Meraki Community
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

VMX to VMX route issue in Azure

Adeldardari
Here to help
‎May 19 2022 5:42 PM
‎May 19 2022 5:42 PM

VMX to VMX route issue in Azure

Hi,

I got a VMX (referred as VMX1) running in Azure VNET1 , and in the same VNET i got other resources (VMs) that are reachable by VMX1

I have another VMX  ( referred as VMX2) running  in Azure VNET2 ( different region) which is intended for back up. VMX2 also got resources configured in its same VNET 2 ( VMs ) and can reach them. 

 

VMX1 got a VPN tunnel ( IPSEC) with VMX2. I am not 100% sure how the tunnel was established and if i can terminate it. this is an issue that i will park for now 

 

VMX1 is able to ping  VMX2 however, VMX1 is unable to reach any resources in VMX 2 although i have added those resources under VMX2 local subnet. 

 

my questions are:

1- Any idea how to get the local subnets at each VMX advertised to the other VMX ?  

2- can i turn off IPSEC tunnel between VMX1 to VMX2 while i keep the IPSEC between VMX and my other MX's ? 

0 Kudos
Subscribe
2 Replies 2
PhilipDAth
Kind of a big deal
Kind of a big deal
‎May 21 2022 3:40 PM
‎May 21 2022 3:40 PM

This is a known Azure issue.  Pay special attention to this bit:

https://documentation.meraki.com/MX/MX_Installation_Guides/vMX_Setup_Guide_for_Microsoft_Azure 

 

"Deploy a virtual appliance into a different subnet than the resources that route through the virtual appliance are deployed in. Deploying the virtual appliance to the same subnet, then applying a route table to the subnet that routes traffic through the virtual appliance, can result in routing loops, where traffic never leaves the subnet."

 

Also check out this VMX HA guide for Azure:

https://documentation.meraki.com/MX/Other_Topics/Deploying_Highly_Available_vMX_in_Azure 

0 Kudos
Subscribe
GreenMan
Meraki Employee
Meraki Employee
‎May 21 2022 4:01 PM
‎May 21 2022 4:01 PM

It is possible to have your VMX Hubs configured not to have direct AutoVPN tunnels between them (call Support for this).   Note that this is an 'all or nothing' switch for all Hubs in your Organization..

Subscribe
Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
© 2024 Cisco Systems, Inc.