Today a customer asked me to build a Site-to-Site VPN between their Meraki environment and Azure. They also need Veeam backup copy to Azure; they currently use another cloud provider for their remote backup repository, and switching to Azure will save them 13K per year. Let’s follow the steps and do it.
Settings in Microsoft Azure
1. Log on to the Azure portal and click +New.
2. In the Search the marketplace field, type Virtual Network and then press Enter.
3. Click Virtual Network, select Resource Manager from Select a deployment model and then click Create.
4. On the Create virtual network page, enter the name for your virtual network in the Name field.
5. In the Address space field, enter the address space. Make sure that the address space you specify does not overlap with the address space of your on-premises location.
6. In the Subnet name field, enter the subnet name.
7. In the Subnet address range field, enter the subnet address range, but don’t use all of the address space for this, because you need to reserve space for the gateway subnet.
8. In the Subscription field, verify that the subscription listed is the correct one.
9. In the Resource group field, create a new one by typing a name for your new resource group.
10. In the Location field, select the location for your Virtual Network and then select Pin to dashboard.
11. After the virtual network is created, select Subnets and click +Gateway subnet.
12. In the Address range field, enter your gateway subnet and then click OK.
13. On the left side of the portal page, click +.
14. In the search field, type Virtual Network Gateway and then press Enter.
15. Click Virtual Network Gateway in Results and then click Create.
16. On the Create virtual network gateway page, type the virtual gateway name in the Name field.
17. Select VPN as the Gateway type.
18. Select Policy-based as the VPN type.
19. Select Computer Account and then click Next.
20. Select Local Computer and then click Finish.
21. Select Basic as the SKU.
22. Click Choose a virtual network in the Virtual network field and select the newly created virtual network.
23. Click Choose a public IP address in the Public IP address field, then click Create new.
24. Type a name for the gateway IP address in the Name field and then click OK.
25. Select Pin to dashboard and then click Create.
26. Select All resources in the Azure portal, click +Add.
27. Type local network gateway in search and then hit Enter.
28. Select Local network gateway and click Create.
29. On the Create local network gateway page, type your on-premises site name in the Name field.
30. In the IP address field, type the public IP address of the VPN device at on-premises site.
31. In the Address space field, type the on-premises IP address range.
32. In the Resource group field, select Use existing and select the existing resource group name.
33. Select Pin to dashboard and then click Create.
34. On the dashboard of the Azure portal, select the virtual network gateway that we created.
35. Select Connections and then click +Add.
36. On the Add connection page, type a name for the Site-to-Site VPN in the Name field.
37. Select Site-to-site (IPsec) as the Connection type.
38. In the Local network gateway field, select the local network gateway that we created.
39. Type the shared key in the Shared key (PSK) field; this key must match the one configured on your on-premises VPN device. Then click OK.
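The Azure-side steps above as an Azure CLI script, with a preflight check for the two address-space rules the post states in words (no overlap with the on-premises range, and room inside the VNet for the gateway subnet); the last command is the status query used in the Verify section. This is an added example, not code from the original post; resource names, prefixes and the Meraki public IP are assumed placeholders, and `az` only runs when `DRY_RUN=0`.

```shell
#!/usr/bin/env bash
# Added example (not from the original post): Azure CLI equivalent of the portal steps,
# guarded by a preflight check of the address-space rules the post calls out.
# Resource names, prefixes and the Meraki public IP below are assumed placeholders.
set -eu
RG=${RG:-rg-meraki-vpn};           LOC=${LOC:-eastus}
VNET_SPACE=${VNET_SPACE:-10.1.0.0/16}
SUBNET=${SUBNET:-10.1.1.0/24}      # workload subnet; must leave room for GatewaySubnet
GW_SUBNET=${GW_SUBNET:-10.1.255.0/27}
ONPREM_SPACE=${ONPREM_SPACE:-192.168.10.0/24}   # Meraki LAN reachable through the tunnel
MERAKI_IP=${MERAKI_IP:-203.0.113.10}            # placeholder (TEST-NET-3), not a real peer
DRY_RUN=${DRY_RUN:-1}                           # 1 = print the az commands, 0 = run them
ip2int() { local IFS=.; set -- $1; echo $(( ($1<<24) | ($2<<16) | ($3<<8) | $4 )); }
cidr_range() {     # prints "<first> <last>" address of a CIDR block as integers
  local ip=${1%/*} bits=${1#*/} mask first
  mask=$(( bits == 0 ? 0 : (0xFFFFFFFF << (32 - bits)) & 0xFFFFFFFF ))
  first=$(( $(ip2int "$ip") & mask ))
  echo "$first $(( first | (~mask & 0xFFFFFFFF) ))"
}
cidr_overlap() {   # true if the two blocks share at least one address
  set -- $(cidr_range "$1") $(cidr_range "$2")
  [ "$1" -le "$4" ] && [ "$3" -le "$2" ]
}
cidr_contains() {  # true if block $2 lies entirely inside block $1
  set -- $(cidr_range "$1") $(cidr_range "$2")
  [ "$1" -le "$3" ] && [ "$4" -le "$2" ]
}
preflight() {      # refuse to deploy a VNet that cannot form a clean site-to-site tunnel
  if cidr_overlap "$VNET_SPACE" "$ONPREM_SPACE"; then echo "VNet overlaps on-prem range" >&2; return 1; fi
  if ! cidr_contains "$VNET_SPACE" "$GW_SUBNET"; then echo "GatewaySubnet outside VNet" >&2; return 1; fi
  if cidr_overlap "$SUBNET" "$GW_SUBNET"; then echo "GatewaySubnet collides with subnet" >&2; return 1; fi
}
az_() { if [ "$DRY_RUN" = 1 ]; then echo "az $*"; else az "$@"; fi; }
deploy() {
  preflight
  az_ network vnet create -g "$RG" -n vnet-azure -l "$LOC" --address-prefixes "$VNET_SPACE" \
      --subnet-name subnet1 --subnet-prefixes "$SUBNET"
  az_ network vnet subnet create -g "$RG" --vnet-name vnet-azure -n GatewaySubnet --address-prefixes "$GW_SUBNET"
  az_ network public-ip create -g "$RG" -n pip-vnetgw --sku Basic --allocation-method Dynamic
  az_ network vnet-gateway create -g "$RG" -n vnetgw -l "$LOC" --vnet vnet-azure --public-ip-addresses pip-vnetgw \
      --gateway-type Vpn --vpn-type PolicyBased --sku Basic
  az_ network local-gateway create -g "$RG" -n lng-meraki --gateway-ip-address "$MERAKI_IP" \
      --local-address-prefixes "$ONPREM_SPACE"
  # the PSK is taken from the environment so it is never written into this file
  az_ network vpn-connection create -g "$RG" -n cn-meraki --vnet-gateway1 vnetgw --local-gateway2 lng-meraki \
      --shared-key "${PSK:?export PSK (same value as the Meraki preshared secret)}"
  az_ network vpn-connection show -g "$RG" -n cn-meraki --query connectionStatus -o tsv   # expect Connected
}
case "${1:-}" in deploy) deploy ;; esac
```

Run it as `PSK='...' DRY_RUN=0 bash script.sh deploy` after logging in with `az login`; without `DRY_RUN=0` it only prints the commands it would run.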
Settings in Cisco Meraki site
1. Log on to the Cisco Meraki portal.
2. Select Security appliance and click Site-to-site VPN.
3. In the Site-to-site VPN field, select Hub.
4. Under VPN settings, select the local networks that you want to connect to Azure and then select Yes for Use VPN.
5. Select Automatic for NAT traversal.
6. On the Organization-wide settings page, click Add a peer under Non-Meraki VPN peers.
7. In the Public IP field, type the public IP address of the Azure virtual network gateway.
8. In the IPsec policies field, click Default and change it to Azure.
9. Type the shared key in the Preshared secret field; this key must match the one configured in Azure.
10. Select All networks in the Availability field and then click Save Changes.
Verify the VPN connection
1. Log on to the Azure portal.
2. Select the virtual network gateway and then click Connections.
3. Check the VPN status and make sure it’s Connected.
4. Log on to the Cisco Meraki portal.
5. Select Security appliance and click VPN status.
6. Click Non-Meraki peer and make sure the VPN status is green.
Now we have the Site-to-site VPN working, and next we are going to set up the Veeam backup copy from on-premises to Azure.
Stay tuned, see you at next post.
Hope you enjoy this post.
Cary Sun @SifuSun
Hi,
Great piece of tutorial.
However, when I do it the connection doesn’t stabilize and never gets connected. Actually, it doesn’t go to phase 2 of the login process.
Any insight?
Hi, I am currently trying to connect Azure to a Cisco Meraki MX400 device although I am having trouble getting the connection to work. The connection status only displays connecting. When viewing the logs from Azure it seems that Azure is receiving packets from Meraki on port while Azure is replying using port 500 although when looking at Meraki’s logs, it shows there that Meraki is negotiating with Azure using port 500. Can you help me out? I have followed the steps you indicated above and even redid the whole configuration.
Hello, I arrived at your blog looking for an answer to connect one Azure gateway to multiple Meraki MX appliances. With only one this works fine, but when I add one more Meraki MX, the VPN tunnel doesn’t come up (neither of the 2).
Have you some experience with that?
Not really we only have worked with single Meraki MX Appliances.