Query regarding Meraki MX

Vishal07
Getting noticed

Hi All,

 

Need help on the below points.

1. Procure below license for MX105 HW; can we use it to set up a virtual MX (vMX-L), if we have it in spare?

Meraki MX Large Essentials EA 3.0 LIC and Support

2. Do we need to buy or procure any license from Azure if we plan to deploy a virtual MX in their cloud?

3. What will be the preferred mode for vMX in Azure if we are planning to use it for VPN termination?

4. Does vMX-L support NAT mode in Azure? The below link says it doesn't.

 

https://cloudcontrolled.uk/wp-content/uploads/2019/06/vMX100-Setup-Guide-for-Microsoft-Azure.pdf?srs...

alemabrahao
Kind of a big deal

No, the Meraki MX Large Essentials EA 3.0 license is tied to physical MX hardware, such as the MX105. It cannot be reused for a vMX-L deployment. The vMX appliances require their own dedicated license, typically labeled as LIC-VMX-L-ENT-xY.

 

Yes, you need an active Azure subscription, but no separate license from Azure is required specifically for the Meraki vMX.

 

vMX Setup Guide for Microsoft Azure - Cisco Meraki Documentation

 

The preferred mode is Routed/NAT Mode, especially for newer deployments. All new vMX instances are deployed in Routed/NAT Mode by default.

 

Yes, vMX-L supports NAT mode in Azure, starting from firmware MX 19.1+.

I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.
Vishal07
Getting noticed

The preferred mode is Routed/NAT Mode, especially for newer deployments. All new vMX instances are deployed in Routed/NAT Mode by default.

 

Remarks - what will be the advantage of using NAT/routed mode and not VPN concentrator if our requirement is forming Auto VPN between the vMX and branch MX?

alemabrahao
Kind of a big deal

For most Auto VPN use cases between Azure and branch offices, Routed/NAT Mode is preferred because it offers greater flexibility, security, and integration capabilities. VPN Concentrator mode is more limited and best suited for very specific scenarios.

 

When to Consider VPN Concentrator Mode Instead?

If your Azure environment already has a dedicated firewall or router handling routing and NAT.
If you want the vMX to act only as a VPN endpoint, without participating in routing or security.
If you need to avoid double NAT or simplify routing in complex environments.

Vishal07
Getting noticed

Thank you so much for your detailed explanation. One last question.

What will be the preferable mode for VPN between the Azure vMX and a branch firewall behind the NAT?

alemabrahao
Kind of a big deal

It depends on your needs. This is more your choice than any recommendation.

I personally prefer to use routed mode. I did use VPN concentrator mode once, but that was because the customer only needed VPN functionality because they already had another firewall.

Vishal07
Getting noticed

https://cloudcontrolled.uk/wp-content/uploads/2019/06/vMX100-Setup-Guide-for-Microsoft-Azure.pdf?srs... The link says vMX-100 is not supported. Are vMX-100 and vMX-L the same with a different naming convention?

alemabrahao
Kind of a big deal

It's old documentation; take a look at the official documentation.

 

https://documentation.meraki.com/MX/MX_Installation_Guides/vMX_Setup_Guide_for_Microsoft_Azure

 

Mloraditch
Kind of a big deal

The license listed is an Enterprise Agreement license, which uses the same mappings as Subscriptions as far as what's allowed to be used against it: https://documentation.meraki.com/General_Administration/Licensing/Subscription_-_MX_Licensing

So if you have an EA then this would be valid for a vMX-L. Otherwise @alemabrahao is correct and you need the correct distinct license.

If you found this post helpful, please give it Kudos. If my answer solves your problem please click Accept as Solution so others can benefit from it.
Vishal07
Getting noticed

Yes, it's an EA. So I can use MX-100 licenses as vMX-L and MX-68 as vMX-S?
