Just recently got a s2s set up using our main office MX100 public IP and our Azure tenant. All VLANs behind the MX100 are able to traverse without issues. We have several other MX and Z* devices in our network, and everything is set up in mesh. When I look at the VPN status of the other networks, the non-Meraki peer Azure VPN is not connecting.
I believe the tunnel is set up right, otherwise I'd figure that the main office MX100 wouldn't be working. I've added all of the subnets from the other networks to the Azure side, and I've got the Meraki side of the tunnel set up to allow all networks, but still no go. Meraki support said they don't see any initiation from the Azure side when we did a pcap. I'm not sure where else to check at this point. Am I supposed to build a separate connection for each Meraki network?
So, you absolutely can build a tunnel using the native Azure VPN function. However, it is not a fun one. I would strongly urge you to consider deploying a VMX in Azure and building a tunnel to it instead. My life improved significantly once I started doing this.
Yes, using the native Azure VPN, you need on-prem gateway connections and subnets defined in Azure for each Meraki network you want to connect.
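The per-network requirement in the reply above, as an added example that is not from the thread: one Azure local network gateway (the on-prem side, carrying that Meraki network's public IP and its subnets) and one VPN connection per Meraki network, against a single Azure VNet gateway. The resource group, gateway name, location, site names, public IPs and subnets are all constructed placeholders; the pre-shared key is a placeholder too. With DRY_RUN=1 (the default) it only prints the az commands it would run, so the plan can be reviewed before anything is created.

```shell
#!/usr/bin/env bash
# Added example: plan one Azure local network gateway + one VPN connection
# per Meraki network for a native Azure VPN gateway. Not from the thread.
set -eu

RG="${RG:-rg-hub-vpn}"              # assumed resource group name
VNET_GW="${VNET_GW:-vgw-hub}"        # assumed Azure VNet gateway name
LOCATION="${LOCATION:-eastus}"       # assumed region
PSK="${PSK:-REPLACE-WITH-PSK}"       # placeholder pre-shared key
DRY_RUN="${DRY_RUN:-1}"              # 1 = print az commands, 0 = execute them

# Constructed sample inventory, one Meraki network per line:
#   name|public WAN IP of the MX/Z|comma-separated local subnets
MERAKI_SITES='main-office|203.0.113.10|10.10.0.0/16,10.11.0.0/24
branch-a|203.0.113.20|10.20.0.0/24
branch-b|203.0.113.30|10.30.0.0/24,10.31.0.0/24'

# Print the command on dry runs, otherwise execute it
run() {
  if [ "$DRY_RUN" = "1" ]; then
    printf '%s\n' "$*"
  else
    "$@"
  fi
}

# The two az calls a single Meraki network needs: the local network gateway
# (peer IP + the subnets Azure must route back to it) and the connection.
plan_site() {
  name="$1"; wan_ip="$2"; subnets="$3"
  # --local-address-prefixes takes space-separated prefixes
  prefixes="$(printf '%s' "$subnets" | tr ',' ' ')"
  # shellcheck disable=SC2086  (word splitting of $prefixes is intended)
  run az network local-gateway create \
    --resource-group "$RG" --location "$LOCATION" \
    --name "lng-$name" \
    --gateway-ip-address "$wan_ip" \
    --local-address-prefixes $prefixes
  run az network vpn-connection create \
    --resource-group "$RG" --location "$LOCATION" \
    --name "cn-$name" \
    --vnet-gateway1 "$VNET_GW" \
    --local-gateway2 "lng-$name" \
    --shared-key "$PSK"
}

# Walk the inventory and plan every network; the Meraki side still has to
# export the same subnets to the non-Meraki peer for traffic to flow.
plan_all() {
  while IFS='|' read -r name wan_ip subnets; do
    [ -n "$name" ] || continue
    plan_site "$name" "$wan_ip" "$subnets"
  done <<EOF
$MERAKI_SITES
EOF
}

plan_all
```

The subnet list Azure holds for each local network gateway must match what that Meraki network advertises into the tunnel; a subnet missing on the Azure side (the stumbling block another reply mentions) shows up as a tunnel that is up but routes nothing for that prefix.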
We got this working 8 months ago on an MX250. Was a pain in the butt, but once we ran through it once, recreating tunnels for other subscriptions was easy.
Our stumbling block was not adding the Meraki subnets to the Azure s2s connection.
2nd this, it makes life way easier
Agree this is the way, and ideally 2 x VMX for redundancy. Without the VMX, Azure is a non-Meraki peer, which means it isn't really part of the SD-WAN overlay, causing untold routing and traffic management issues.
And linking it to an instance of Azure Route server with BGP was like magic for us.
I just deployed a Meraki vMX in Azure. I set it up as a VPN concentrator and I am able to connect to all my other Meraki firewalls; however, I am not able to establish a site-to-site tunnel to a WatchGuard firewall.
I am able to establish a site-to-site tunnel between that same WatchGuard firewall and other physical Meraki firewalls. I am thinking that my issue may have to do with the Azure public IP address assigned to my vMX being just a NAT to the private IP address on my vMX. Any ideas what I must do? Do I need to port forward UDP 500 and 4500 to the private IP address?