Site-to-site VPN with Meraki and Azure

After setting up point-to-site VPNs on Azure, I thought I’d also quickly throw in a site-to-site connection between the office Meraki MX device and the Azure VPN gateway.

Turned out it was not so straightforward. The VPN gateway on Azure was route-based, which means IKEv2. To my surprise, the Cisco Meraki devices don’t support IKEv2, only IKEv1. There’s a long-running discussion chain on the Meraki support site regarding this topic. It seems you should not hold your breath while waiting for IKEv2 support to arrive.

The incompatibility between Azure and VPN is also stated in the Azure documentation. Apparently there are also some potential compatibility issues with the policy-based VPN gateways, as Microsoft says Meraki is “not supported” with them as well. Meraki is also pointing out the potential issues on their support pages.

The official recommendation from Meraki is to just go with the vMX100 virtual appliance, which is available on both AWS and Azure.

Another option seems to be running a custom VM with Ubuntu/strongSwan. Maybe pfSense would also do.

Edit: 20th of May 2019. According to discussions on the Meraki site, IKEv2 support is finally rolling out. It requires the latest firmware, and you need to ask support to enable the feature.