Issues with vMX as a Gateway for Azure VNET

Asked By TechWiz42 On

Hey everyone! I'm currently setting up a vMX to serve as a gateway for some Azure resources like AVD session hosts and a few container apps. Here's what I've got so far:

- VNET: 10.2.0.0/16
- vMX WAN subnet: 10.2.1.0/24
- vMX LAN subnet: 10.2.2.0/24

The vMX is up and running, with the VLAN configured as a supernet (10.2.2.0/22) and the interface IP set to 10.2.2.0.254. I've got some VMs and apps in smaller subnets such as 10.2.3.0/27.

While a VM in that subnet shows it's connected to the internet and traffic appears to flow through the Meraki dashboard, I'm facing various routing and ping issues. I'm just wondering if this setup is valid or if I'm missing something. Furthermore, I've created a UDR for every app and VM subnet that sends traffic to 0.0.0.0/0 with the next hop being the vMX LAN IP (10.2.2.4).

Also, I can connect to the vMX via client VPN, but once connected, I can't ping or access anything, even though both LAN and VPN should be able to participate together. For testing, I've set an allow any any rule on the NSGs applied to all relevant subnets. Any insights would be appreciated!

2 Answers

Answered By CloudGuru91 On

Did you make sure to enable IP forwarding on the NIC that's connected to the LAN side? Sometimes that's a key step that gets overlooked.

Answered By NetworkNerd8 On

I've set up several vMXs, and they've mostly functioned as VPN concentrators. If Meraki introduced new gateway or NGFW functionality, that's news to me. But from what I've learned, any vMX running MX19.1 or later can indeed support full routed NAT mode with dedicated WAN and LAN ports. This makes it great for simplifying cloud deployments where you want to use the vMX as a secure cloud gateway. Check out the documentation for more details!
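The address plan in the question can be checked for internal consistency before looking at routing behaviour. The following is an added example, not code from any poster or from Meraki or Azure: it uses Python's standard `ipaddress` module on the values quoted in the question, and the `PLAN` layout and `audit` function name are assumptions made for illustration.

```python
import ipaddress as ip

# Values copied from the question; the dict layout and function name are assumptions.
PLAN = {
    "vnet": "10.2.0.0/16",
    "wan_subnet": "10.2.1.0/24",
    "lan_subnet": "10.2.2.0/24",
    "mx_vlan": "10.2.2.0/22",
    "mx_vlan_ip": "10.2.2.0.254",
    "workload_subnets": ["10.2.3.0/27"],
    "udr_next_hop": "10.2.2.4",
}

def audit(plan):
    """Return a list of (check, message) findings for the address plan."""
    findings = []
    vnet = ip.ip_network(plan["vnet"])
    wan = ip.ip_network(plan["wan_subnet"])
    lan = ip.ip_network(plan["lan_subnet"])

    # A prefix with host bits set is not a real network boundary.
    vlan = ip.ip_network(plan["mx_vlan"], strict=False)
    if str(vlan) != plan["mx_vlan"]:
        findings.append(("vlan_alignment", f"{plan['mx_vlan']} is really {vlan}"))
    if vlan.overlaps(wan):
        findings.append(("vlan_overlaps_wan", f"{vlan} covers WAN subnet {wan}"))

    try:
        vlan_ip = ip.ip_address(plan["mx_vlan_ip"])
        if vlan_ip not in vlan:
            findings.append(("vlan_ip_outside", f"{vlan_ip} not in {vlan}"))
    except ValueError:
        findings.append(("vlan_ip_invalid", f"{plan['mx_vlan_ip']!r} is not an IPv4 address"))

    hop = ip.ip_address(plan["udr_next_hop"])
    if hop not in lan:
        findings.append(("next_hop_outside_lan", f"{hop} not in {lan}"))

    for s in map(ip.ip_network, plan["workload_subnets"]):
        if not s.subnet_of(vnet):
            findings.append(("subnet_outside_vnet", f"{s} not in {vnet}"))
        if not s.subnet_of(vlan):
            findings.append(("subnet_outside_vlan", f"{s} not routed by VLAN {vlan}"))
    return findings

if __name__ == "__main__":
    for check, msg in audit(PLAN):
        print(f"{check}: {msg}")
```

Each finding is a consistency observation about the quoted values only; it does not by itself establish the cause of the routing or client VPN symptoms.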
