vMX100 - what's the benefit?

Solved
Jonboy
Conversationalist

vMX100 - what's the benefit?

So last month I built a VPN connection from an MX on prem to Azure using the Microsoft Azure VPN/Networking constructs.

 

Today I got pulled into troubleshooting VPN performance at a different client and discovered that they had a vMX100 deployed in Azure, and had connectivity back to their on-prem MX67.

 

In looking at the Azure deployment, the VPN is leveraging the BASIC SKU for VPN, which Microsoft explicitly states is not recommended for production workloads...so I don't know if that is the default for the vMX or if the VPN was just setup that way.

 

So, anyway, back to my question - what are the benefits of leveraging the vMX versus the native Azure VPN?

 

Thanks,

 

Jonboy

1 Accepted Solution
PhilipDAth
Kind of a big deal
Kind of a big deal

Major benefits:

  • Supports SD-WAN.  So if you have dual connected sites, either for load balancing or failover, SD-WAN will automatically select the best path.  You can also use performance classes to optimise specific types of traffic.
  • Can be used with client VPN, and now with 16.x code, Cisco AnyConnect.
  • If you have lots of sites to connect you do a single configuration in Azure, and that's it.  There is none of this building a seperate VPN to each site.
  • Handles sites with dynamic IP addresses (such as on cellular data).
  • If you have lots of sites it can become cheaper, as there is a single fixed cost, rather than a per VPN fee.

 

Basically, about a million times more functional.

View solution in original post

4 Replies 4
Inderdeep
Kind of a big deal
Kind of a big deal

@Jonboy : vMX is a virtual instance of a Meraki security & SD-WAN appliance You can check the below deployment guide for the vMX in Azure environment

https://documentation.meraki.com/MX/Deployment_Guides/Cisco_Meraki_MX_Branch_to_Azure_Virtual_WAN_De...

 

What is the exact use case you are looking for ? If you have something specific let us know to figure out whether that is achievable or not via vMX ?

Check the features below

https://meraki.cisco.com/product/security-sd-wan/virtual-appliances/vmx-small

 

 

Regards
Inderdeep Singh

www.thenetworkdna.com 

Regards/Inder
Cisco IT Blogs awarded in 2020 & 2021
www.thenetworkdna.com
PhilipDAth
Kind of a big deal
Kind of a big deal

Major benefits:

  • Supports SD-WAN.  So if you have dual connected sites, either for load balancing or failover, SD-WAN will automatically select the best path.  You can also use performance classes to optimise specific types of traffic.
  • Can be used with client VPN, and now with 16.x code, Cisco AnyConnect.
  • If you have lots of sites to connect you do a single configuration in Azure, and that's it.  There is none of this building a seperate VPN to each site.
  • Handles sites with dynamic IP addresses (such as on cellular data).
  • If you have lots of sites it can become cheaper, as there is a single fixed cost, rather than a per VPN fee.

 

Basically, about a million times more functional.

PhilipDAth
Kind of a big deal
Kind of a big deal

Even for clients that don't have a VMX I nearly always use StrongWan on Ubuntu.  It's both cheaper and more functional (VPN wise) than the Azure VPN services.

rhbirkelund
Kind of a big deal
Kind of a big deal

Regarding the SKU types, the vMX-M does not choose the IP SKU for you. You have to choose it yourself.
There’s four different types, and the exact difference in performance I have no idea. But you need to choose the right one, because depending on what you choose you’ll not able to utilise ClientVPN due to some firewall rules that are being applied the IP SKU.
LinkedIn ::: https://blog.rhbirkelund.dk/

Like what you see? - Give a Kudo ## Did it answer your question? - Mark it as a Solution 🙂

All code examples are provided as is. Responsibility for Code execution lies solely your own.
Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels