vMX100 - what's the benefit?

SOLVED
Jonboy
Conversationalist

vMX100 - what's the benefit?

So last month I built a VPN connection from an MX on prem to Azure using the Microsoft Azure VPN/Networking constructs.

 

Today I got pulled into troubleshooting VPN performance at a different client and discovered that they had a vMX100 deployed in Azure, and had connectivity back to their on-prem MX67.

 

In looking at the Azure deployment, the VPN is leveraging the BASIC SKU for VPN, which Microsoft explicitly states is not recommended for production workloads...so I don't know if that is the default for the vMX or if the VPN was just setup that way.

 

So, anyway, back to my question - what are the benefits of leveraging the vMX versus the native Azure VPN?

 

Thanks,

 

Jonboy

1 ACCEPTED SOLUTION

Accepted Solutions
PhilipDAth
Kind of a big deal

Re: vMX100 - what's the benefit?

Major benefits:

  • Supports SD-WAN.  So if you have dual connected sites, either for load balancing or failover, SD-WAN will automatically select the best path.  You can also use performance classes to optimise specific types of traffic.
  • Can be used with client VPN, and now with 16.x code, Cisco AnyConnect.
  • If you have lots of sites to connect you do a single configuration in Azure, and that's it.  There is none of this building a seperate VPN to each site.
  • Handles sites with dynamic IP addresses (such as on cellular data).
  • If you have lots of sites it can become cheaper, as there is a single fixed cost, rather than a per VPN fee.

 

Basically, about a million times more functional.

View solution in original post

4 REPLIES 4
Inderdeep
A model citizen

Re: vMX100 - what's the benefit?

@Jonboy : vMX is a virtual instance of a Meraki security & SD-WAN appliance You can check the below deployment guide for the vMX in Azure environment

https://documentation.meraki.com/MX/Deployment_Guides/Cisco_Meraki_MX_Branch_to_Azure_Virtual_WAN_De...

 

What is the exact use case you are looking for ? If you have something specific let us know to figure out whether that is achievable or not via vMX ?

Check the features below

https://meraki.cisco.com/product/security-sd-wan/virtual-appliances/vmx-small

 

 

Regards
Inderdeep Singh

www.thenetworkdna.com 

Regards
Inderdeep Singh
www.thenetworkdna.com
PhilipDAth
Kind of a big deal

Re: vMX100 - what's the benefit?

Major benefits:

  • Supports SD-WAN.  So if you have dual connected sites, either for load balancing or failover, SD-WAN will automatically select the best path.  You can also use performance classes to optimise specific types of traffic.
  • Can be used with client VPN, and now with 16.x code, Cisco AnyConnect.
  • If you have lots of sites to connect you do a single configuration in Azure, and that's it.  There is none of this building a seperate VPN to each site.
  • Handles sites with dynamic IP addresses (such as on cellular data).
  • If you have lots of sites it can become cheaper, as there is a single fixed cost, rather than a per VPN fee.

 

Basically, about a million times more functional.

View solution in original post

PhilipDAth
Kind of a big deal

Re: vMX100 - what's the benefit?

Even for clients that don't have a VMX I nearly always use StrongWan on Ubuntu.  It's both cheaper and more functional (VPN wise) than the Azure VPN services.

rbnielsen
Head in the Cloud

Re: vMX100 - what's the benefit?

Regarding the SKU types, the vMX-M does not choose the IP SKU for you. You have to choose it yourself.
There’s four different types, and the exact difference in performance I have no idea. But you need to choose the right one, because depending on what you choose you’ll not able to utilise ClientVPN due to some firewall rules that are being applied the IP SKU.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.