vMX and vWAN in Azure

Elliot_Sandell
Here to help


Hello, I have a couple of questions around vMX in Azure, as it's been a while!


  • Meraki vMX and Client VPN in conjunction with vWAN (so routes learned via eBGP): is client transport to a S2S VPN terminated on the VPN gateway supported?
    • I.e. Client VPN terminates on the vMX and routes towards a S2S VPN that terminates in vWAN as well?

PhilipDAth
Kind of a big deal

I am having trouble understanding the question.  Could you expand it a bit more?

Elliot_Sandell
Here to help

Teach me for writing a question last thing on a Friday...

In the context of the current vMX capabilities in Azure, I’m considering using a vMX appliance and have a requirement for Client VPN (Secure Client). I have the option of terminating some site-to-site VPNs (third party IPsec) onto the vMX or on something else (vWAN / Azure VPN Gateway).

 

First Question: Client VPN and S2S routing with vMX in Azure

 

My understanding is that if both Client VPN and S2S VPNs are terminated on the same vMX, then routing Client VPN traffic towards the S2S tunnels would require eBGP on the external peer, which can make S2S termination on the vMX more complex.

 

  • In a vWAN + Route Server integration scenario, where eBGP is enabled and S2S VPNs are terminated in vWAN, is it correct to assume that Client VPN routing would function as expected?

 

 

Second Question: vMX passthrough vs NAT mode with split tunnelling

 

For a vMX deployed in Azure as part of an SD‑WAN design that requires split‑tunnel spoke routing only, the documentation suggests that passthrough / concentrator mode is supported, but NAT mode is not, as NAT mode would require spokes to default‑route traffic via the vMX.

 

  • Is this still the case when BGP is enabled within AutoVPN and/or external participant routing?

 

 

Same overall scenario where there is a need for some client VPN connectivity on the vMX and passthrough will obviously mean no security services and split tunnelling only, so just trying to understand if there are any differences in the documentation vs actual experiences for anyone else.