cancel
Showing results for 
Search instead for 
Did you mean: 

vMX + AWS

Here to help

vMX + AWS

Hi,

 

I have inherited an AWS environment that's in transition from an on-premise to cloud base infrastructure.

 

Looking to see if there is any reference architecture to see how the vMX should be deployed. Has everyone just placed it within their public subnet?

 

Also curious whether having the vMX negates the need for a NAT gateway / NAT instance.

 

Thanks.

M

7 REPLIES
Kind of a big deal

Re: vMX + AWS

The vMX only does AutoVPN - so you can not use it as a NAT gateway.

 

I would place it into the public segment so it can have its own NATed IP address.

 

This is the deployment guide for setting it up in Amazon AWS.

https://documentation.meraki.com/MX/Installation_Guides/vMX100_Setup_Guide_for_Amazon_AWS

Meraki Employee

Re: vMX + AWS

Yes @mmeck the vMX is basically a virtual MX100 in AWS (or Azure) to act as the AutoVPN concentrator for any of your various physical MX appliances in your Dashboard Org, such as in lots of branch locations, and these would be the two key reference guides for vMX deployment in AWS:  

https://documentation.meraki.com/MX/Installation_Guides/vMX100_Setup_Guide_for_Amazon_AWS

and

https://documentation.meraki.com/MX/Site-to-site_VPN/One-Armed_VPN_Concentrator_Deployment_Guide

Sorry if I misunderstood the question or if you already read through those and weren't sure about your deployment options, let us know.

 

Meraki Employee

Re: vMX + AWS

And what @PhilipDAth said, we answered around the same time... I just talk too much so my answer came 2 minutes after his, LOL

Kind of a big deal

Re: vMX + AWS

@MerakiDave was busy doing this job.  I was looking for a distraction not to do mine.

Here to help

Re: vMX + AWS

Thanks @PhilipDAth and @MerakiDave 

 

So, essentially something like this:

meraki-aws.png

Kind of a big deal

Re: vMX + AWS

Looks good to me.

Meraki Employee

Re: vMX + AWS

Yes, that's a correct diagram.  All you need is a vMX license and you'll have an "Add vMX" button in Dashboard and then you go to the Appliance Status page and generate a token to copy over to AWS, and then proceed to set up the vMX as a one-armed VPN Concentrator as per the support guide.  The install guide also shows the steps to set up your VPN in AWS and configure the vMX to communicate with your Meraki Dashboard.