vMX 100 multiple subnets

SOLVED
EduardoML
Comes here often

vMX 100 multiple subnets

Hello Community!

 

I was wondering if you could help me determine if it is possible to use the vMX 100 in multiple zones/subnets

As far I've seen in the setup guide it only mentions when installing to select a VPC and then a subnet from that VPC.

But is it possible to use it for more subnet or does it will only work within the subnet of the VPC where it was installed?

 

Kind regards,

EM.

1 ACCEPTED SOLUTION
PhilipDAth
Kind of a big deal
Kind of a big deal

I remember how I did this now!

 

Go:

Security Appliance/Site to Site VPN

Under "VPN settings/Local networks" you can put in all the subnets you use in AWS from all the availability zones in the region.

View solution in original post

7 REPLIES 7
PhilipDAth
Kind of a big deal
Kind of a big deal

I setup one for a client that could access two subnets in Amazon.  I'm pretty sure I did this by adding a static route on the vMX to the second subnet and saying to include that in AutoVPN.

 

However when I go to look at it now I can't get to the section where you can add static routes.  The route table does show both of the subnets used by the client in Amazon AWS.

 

 

So now I'm not sure.  Either it used to allow static routes and doesn't now, or - well I really can't think of any other option.

PhilipDAth
Kind of a big deal
Kind of a big deal

I remember how I did this now!

 

Go:

Security Appliance/Site to Site VPN

Under "VPN settings/Local networks" you can put in all the subnets you use in AWS from all the availability zones in the region.

Hi @PhilipDAth 

Sorry for replying to an old thread.

If I add multiple subnets to the VMX LAN side,(ie in Azure), would the VMX bridge between the two?  Would I use the L3 firewall on the VMX to prevent this behaviour?

 

TIA

PhilipDAth
Kind of a big deal
Kind of a big deal

The standard configuration uses a single interface in the VMX in Azure.  The VMX sends all the extra subnets you add to the Azure default gateway, and that does the routing.

If I don't want the Azure subnets to see each other though, can I use the firewall rules on the vMX to block inter-subnet traffic?

PhilipDAth
Kind of a big deal
Kind of a big deal

You would use something like an Azure network security group to limit what things can talk to other things in Azure.

Thanks, that's down to the guys that look after the Azure end. Just wanted to ensure that I am not somehow bridging those subnets via the vMX.

Get notified when there are additional replies to this discussion.