Azure hub, multiple spoke VPN using Meraki MX Security Appliances

Tags: azure, cisco-asa, meraki, vpn

I want to set up various infrastructure in MS Azure that will then be available to multiple locations that are equipped with Cisco Meraki MX Security Appliances. Unfortunately, the MXs don't yet support route-based VPNs, and Azure only supports multiple site-to-site networks when using route-based VPN. I think similar challenges may exist with AWS and other cloud service providers.

I think I may be able to work around this limitation using a virtual firewall, such as Cisco ASAv, but I haven't been able to find any documentation or marketing material that makes it clear this is suitable. I know I have done hub/spoke VPN with physical ASAs in the past, but I have no experience with ASAv.

Has anyone got any experience doing cloud provider hub with ASAv (or any other virtual firewall) and branch office spoke using firewalls that don't support IKEv2 or route-based VPNs, such as Meraki MX, Cisco ASA, etc.?

Best Answer

As mentioned above, we were able to accomplish this by standing up a Cisco CSR in Azure. We have 50 MX60Ws and a few MX100s all connecting into the Azure CSR, which then allows a direct connection to our Azure virtual servers.

Of course the best solution would be standing up a virtual MX in Azure. Our Meraki sales rep keeps promising that this is coming but no news yet. He mentioned recently that they are in beta with a virtual MX in AWS. With all focus on setting up cloud-based hosting environments (i.e., Azure, AWS), I think Meraki is missing out on how many companies want to connect all of their locations seamlessly.