Meraki

Fabian1 · ‎May 13 2025

Hi everyone,

at the moment we are using an AWS vMX in passthrough mode for connecting our sdwan sites to AWS and having some third party connections, too.

Now we are thinking about using this vMX as an internet gateway too, so that servers in AWS would use the mx for internet access. The advantage would be, we don't need a second firewall anymore and we have all in one with Meraki.

Therefor I have to configure the appliance in routed mode so that internet traffic get the IP from the MX.

Is there any downside I'm missing here? Of course i have to configure some static routes and a vlan interface, but I'm not sure if there are any other problems in this scenario.

Thanks!

alemabrahao · ‎May 13 2025

I see two potential downtimes here. First, routing all internet traffic through the VMX could impact performance, especially if the device is handling a significant amount of traffic. Second, if the VMX fails, both SD-WAN and internet connectivity could be affected.

I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.

PhilipDAth · ‎May 13 2025

There is a FAQ here.

https://documentation.meraki.com/MX/Other_Topics/vMX_NAT_Mode_Use_Cases_and_FAQ

One thing you gain is that you can use the VMX in NAT mode as a full tunnel client VPN concentrator, because the traffic to the Internet will be NATed to the MX interface.

One problem that used to exist (don't know if it still does), is you can have traffic go from a spoke to the VMX, but traffic from initiated from the cloud can not go through the MX back to a spoke (because it gets NATed).

Meraki

Community

vMX Passthrough - Routed

vMX Passthrough - Routed