Deploying a Cisco Meraki VMX into Azure

Background:

In our first blog post, over a year ago, we created a Non-Meraki VPN Peer with Azure which Allen used to demo NetApp’s Cloud Volumes ONTAP (CVO).

A few months ago, Allen got a Cisco Meraki VMX license! We tore down his previous Non-Meraki VPN Peer and spun up a Cisco Meraki VMX in Azure, where AutoVPN shines!

We documented the walkthrough for everyone to see!

Topology:
Configuration:
  1. Meraki Dashboard: Create a network for the VMX
  2. Azure Portal: Create a Resource Group
  3. Azure Portal: Create a Virtual Network
  4. Azure Portal: Create the VMX
  5. Meraki Dashboard: Gather the VMX IP Address
  6. Azure Portal: Create a Route Table
  7. Meraki Dashboard: Enable AutoVPN for the VMX Network
Create a network for the VMX:
After logging into the Meraki Dashboard, create a network by clicking:
1. The Network drop-down, and
2. “Create a network”.
Enter the options for your Network and click “Create network”:
– Network name = 097-azr
– Network type = Security appliance
If you have licenses for different sized VMX appliances, choose the appropriate sized VMX.
Click on “Generate authentication token…”
– Note, this authentication token is valid for one hour, which is plenty of time to complete these steps.
Copy the VMX authentication token.
Create a Resource Group:
Log in to your Azure Portal and click “Resource Group”.
Click “Create”.
Enter the options for your Resource Group:
– Subscription = Microsoft Partner Network
– Resource group = RG-WUS3-AJ-01
– Region = (US) West US 3
Click “Review + create”.
Click “Create”.
Click on the newly created Resource Group.
Create a Virtual Network:
Click “Create”.
Search for, and then click on, “Virtual Network”.
Click the “Create” drop-down for ‘Virtual Network’.
Click “Virtual Network”.
Enter the options for your Virtual Network:
– Subscription = Microsoft Partner Network
– Resource group = RG-WUS3-AJ-01
– Virtual network name = RG-WUS3-AJ-01-VNET-01
– Region = (US) West US 3
Click “Next”.
Click “Next”.
Specify the address space:
– Address space = 10.97.0.0/16
Delete the default subnet.
Click “Add a subnet”.
Enter the options for the VMX Subnet:
Special Note: the subnet used for the VMX must have the name “SD-WAN”.
– Subnet purpose = Default
– Name = SD-WAN
– IPv4 address range = 10.97.0.0/16
– Starting address = 10.97.11.0
– Size = /24
Click “Add”.
Click “Add a subnet”.
Enter the options for the NetApp-CVO Subnet:
– Subnet purpose = Default
– Name = NetApp-CVO
– IPv4 address range = 10.97.0.0/16
– Starting address = 10.97.19.0
– Size = /24
Click “Add”.
Click “Review + create”.
Click “Create”.
Click the resource group.
Create the VMX:
Click “Create”.
Search for, and click on, “Meraki VMX”.
Click the “Create” drop-down for ‘Cisco Meraki vMX’.
Click “Cisco Meraki vMX”.
Enter the options for Cisco Meraki VMX:
– Subscription = Microsoft Partner Network
– Resource group = RG-WUS3-AJ-01
– Region = West US 3
– VM Name = azr-net-gate1
– Meraki Authentication Token = <pasted from the authentication token generated by the Meraki Dashboard>
– Zone = None
– Application Name = azrnetgate1
– Managed Resource Group = mrg-cisco-meraki-vmx-01
Click “Next”.
Select the recently created Virtual Network and SD-WAN Subnet:
– Virtual Network = RG-WUS3-AJ-01-VNET-01
– Subnet = SD-WAN
Click “Next”.
Presuming you agree to the ‘Co-Admin Access Permission’, click the checkbox for “I agree to the terms and conditions above.”
Click “Create”.
Click on the resource group.
Gather the VMX IP Address:
Going back to the Meraki Dashboard, go to the “Uplink” tab for the VMX.
Take note of the VMX appliance’s IP address.
Create a Route Table:
Going back to the Azure Portal, click “Create”.
Search for, and click on, “Route table”.
Click the “Create” drop-down for ‘Route table’.
Click “Route table”.
Enter the options for the Route table:
– Subscription = Microsoft Partner Network
– Resource group = RG-WUS3-AJ-01
– Region = West US 3
– Name = RG-WUS3-AJ-01-RTE-TBL-01
Click “Review + create”.
Click “Create”.
Click “Go to resource”.
Click “Routes”.
Click “Add”.
Enter the options for the Route table:
– Route name = AutoVPN
– Destination type = IP Addresses
– Destination IP addresses/CIDR ranges = 10.96.0.0/12
– Next hop type = Virtual appliance
– Next hop address = 10.97.11.4 … (this is the address gathered from the VMX appliance’s uplink page)
Click “Add”.
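The AutoVPN route's 10.96.0.0/12 destination also contains the VNet's own 10.97.0.0/16, so it is worth checking which next hop Azure picks for each kind of destination. The script below is an added example, not part of the original walkthrough: it validates the addressing plan above and models Azure's route selection (longest prefix match, user-defined route preferred on a tie). It assumes the route table is associated with the subnet sending the traffic and includes Azure's default system routes; the test destinations are constructed.

```python
import ipaddress

# Values from the walkthrough.
VNET = ipaddress.ip_network("10.97.0.0/16")
SUBNETS = {
    "SD-WAN": ipaddress.ip_network("10.97.11.0/24"),
    "NetApp-CVO": ipaddress.ip_network("10.97.19.0/24"),
}
VMX_IP = ipaddress.ip_address("10.97.11.4")

# Effective routes as (prefix, source, next hop): Azure's default system
# routes for this VNet, plus the user-defined AutoVPN route.
ROUTES = [
    (VNET, "system", "VnetLocal"),
    (ipaddress.ip_network("0.0.0.0/0"), "system", "Internet"),
    (ipaddress.ip_network("10.0.0.0/8"), "system", "None"),  # dropped
    (ipaddress.ip_network("10.96.0.0/12"), "user", str(VMX_IP)),
]


def check_plan():
    """Return a list of addressing problems; an empty list means none found."""
    problems = []
    nets = list(SUBNETS.items())
    for i, (name, net) in enumerate(nets):
        if not net.subnet_of(VNET):
            problems.append(f"{name} {net} is outside {VNET}")
        for other, other_net in nets[i + 1:]:
            if net.overlaps(other_net):
                problems.append(f"{name} overlaps {other}")
    # Azure reserves the first four addresses and the last one in a subnet.
    assignable = list(SUBNETS["SD-WAN"].hosts())[3:]
    if VMX_IP not in assignable:
        problems.append(f"next hop {VMX_IP} is not assignable in SD-WAN")
    return problems


def next_hop(dest):
    """Longest prefix wins; on a tie a user route beats a system route."""
    ip = ipaddress.ip_address(dest)
    matches = [r for r in ROUTES if ip in r[0]]
    return max(matches, key=lambda r: (r[0].prefixlen, r[1] == "user"))[2]


if __name__ == "__main__":
    print(check_plan())
    # Constructed destinations: same VNet, inside the /12, outside it, public.
    for dest in ("10.97.19.5", "10.96.1.10", "10.112.0.1", "8.8.8.8"):
        print(dest, "->", next_hop(dest))
```

Traffic between subnets in the VNet stays local because the /16 system route is more specific than the /12, while other 10.96.0.0/12 destinations go to the VMX instead of being dropped by the default 10.0.0.0/8 route.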
Enable AutoVPN for the VMX Network:
Going back to the Meraki Dashboard, navigate to “Security & SD-WAN” –> “Site-to-site VPN”.
Specify the options for the Virtual Network in Azure:
– VPN Type = Hub
– Local network name = azr
– Local network subnet = 10.97.0.0/16
Click “Save Changes” when it pops up in the bottom right corner, or scroll to the bottom of the page to find it.

After a few minutes, the VMX will establish site-to-site VPNs with your other hubs and you will have secure transport between on-prem resources and Azure-hosted resources!
