I have inherited an AWS environment that's in transition from an on-premises to a cloud-based infrastructure.
Looking to see if there is any reference architecture to see how the vMX should be deployed. Has everyone just placed it within their public subnet?
Also curious whether having the vMX negates the need for a NAT gateway / NAT instance.
The vMX only does AutoVPN, so you cannot use it as a NAT gateway.
I would place it into the public segment so it can have its own NATed IP address.
This is the deployment guide for setting it up in Amazon AWS.
Yes @mmeck the vMX is basically a virtual MX100 in AWS (or Azure) to act as the AutoVPN concentrator for any of your various physical MX appliances in your Dashboard Org, such as in lots of branch locations, and these would be the two key reference guides for vMX deployment in AWS:
Sorry if I misunderstood the question or if you already read through those and weren't sure about your deployment options, let us know.
Yes, that's a correct diagram. All you need is a vMX license, and you'll have an "Add vMX" button in Dashboard; then you go to the Appliance Status page and generate a token to copy over to AWS, and then proceed to set up the vMX as a one-armed VPN Concentrator as per the support guide. The install guide also shows the steps to set up your VPN in AWS and configure the vMX to communicate with your Meraki Dashboard.