VPN tunnel routing from multiple MX through vMX

We have Meraki MX devices in multiple countries and server farms in AWS and Azure. We also have a vMX in Azure.

We've created a tunnel between the vMX and AWS, which is working fine. We need to get the MX devices to route any requests for AWS through the vMX in Azure (over the existing tunnel) rather than having to create individual tunnels in AWS for each MX device.

Can the vMX route all traffic from the remote MX devices to AWS?

If so, how would we configure this?

Re: VPN tunnel routing from multiple MX through vMX

Yes.  In the Azure vMX you just define the AWS subnets in the "Local Networks" section (under Site to Site VPN) so they get advertised into AutoVPN.

https://documentation.meraki.com/MX/Site-to-site_VPN/Site-to-site_VPN_Settings#Local_networks

 

Azure will have to allow the routes, and whatever is providing the link between Azure and AWS will also have to support it.  AWS will also need return routes.

The millions of firewall rules involved will also have to allow it.

 

If it was me, I would just buy a vMX for AWS.  Otherwise it is way too much work and way too many things to look at when something breaks.
