Azure private endpoints - how to connect from an Azure resource to a remote Meraki?

Sharyn Schmidt 241 Reputation points
2024-03-03T16:34:23.85+00:00

I am trying to configure an Azure endpoint from a remote site to an Azure VM. This is an alternate way of connecting in case our VPN tunnel collapses.

Here is the setup:

HQ (headquarters) Meraki MX84 has a site-to-site always-on VPN tunnel to the Meraki vMX in Azure. There are remote sites that have Meraki MX64s that route all traffic (except internet) to the HQ MX84 VPN tunnel, which then routes everything to Azure via the vMX.

We are looking to have some redundancy for the remote sites in case the HQ Meraki fails and drops the VPN tunnel to Azure. I am trying to configure a private endpoint from specific Azure resources (Azure VM to start with) to our remote sites, bypassing the entire Meraki VPN tunnels and going directly to Azure from the remote sites.

My first step, I believe, is to set up the endpoint in Azure. I want to ensure no external traffic is allowed into the resource (VM) that I'm setting up the endpoint on, except for the remote site traffic that would go through the VPN tunnel.

Unfortunately, I don't have a network diagram, but in a nutshell, I'm trying to set up a private endpoint for an Azure resource that traffic from my remote site will go to.

Hope this makes sense.


2 answers

  1. Dillon Silzer 54,646 Reputation points
    2024-03-03T18:18:29.9366667+00:00

    Hi Sharyn,

    This is not what Azure private endpoints are for. They are meant to connect Azure resources privately.

    I believe you are looking for Site to Site VPN with Azure:

    Configuring Site to Site VPN tunnels to Azure VPN Gateway

    https://documentation.meraki.com/MX/Site-to-site_VPN/Configuring_Site_to_Site_VPN_tunnels_to_Azure_VPN_Gateway

    What is Azure VPN Gateway?

    https://learn.microsoft.com/en-us/azure/vpn-gateway/vpn-gateway-about-vpngateways

    Azure VPN Gateway is a service that can be used to send encrypted traffic between an Azure virtual network and on-premises locations over the public Internet.

    If this is helpful, please accept the answer.


  2. ChaitanyaNaykodi-MSFT 23,031 Reputation points Microsoft Employee
    2024-03-15T02:17:55.59+00:00

    @Sharyn Schmidt

    Thank you for reaching out. I am answering the follow-up questions you had above.

    Our primary route to Azure is a site-to-site VPN with our HQ Meraki. The HQ Meraki then routes traffic to an Azure Meraki vMX, which is a site-to-site VPN tunnel via the 2 Merakis. Is it possible to have 2 site-to-site VPN tunnels on the same device going to 2 different places, i.e. 1 tunnel to our HQ Meraki and the other to Azure via the Azure VPN gateway?

    Based on my understanding, yes, I think this should be fine; just make sure to advertise the correct routes to each VPN tunnel. You can follow the configuration guide here for setting up an Azure S2S VPN using a Cisco Meraki device.

    In the dropdown, it does not show up as a VNet that can be used for the virtual network gateway.

    This can happen if the virtual network you created is not in the same region you are deploying the VPN Gateway to.

    If they are in the same region, then this might be a transient portal issue, and it will help if you can follow the PowerShell tutorial here and see if you are able to deploy the VPN Gateway in the VNet you created.

    Regarding your original question above, after you have set up the VPN connectivity, you can follow the guide here for on-premises workloads to resolve the FQDN of a private endpoint.

    Hope this helps! Please let me know if you have any additional questions. Thank you!

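The two answers above point at the Azure VPN Gateway route and the PowerShell tutorial. As an added example that is not part of the thread or of any Microsoft or Meraki documentation, the Az PowerShell script below builds the Azure side of that second, HQ-independent site-to-site tunnel for one remote site, and also addresses the original poster's requirement that only remote-site traffic may reach the VM: an NSG on the VM subnet allows the remote site's LAN prefix and denies all other inbound traffic. Every name, region, address range and public IP in it is an assumption chosen for illustration (the remote MX64's WAN address uses a TEST-NET documentation range); replace them with your own values. It requires the Az module and a prior Connect-AzAccount.

```powershell
# Added example (not from the original thread): Azure side of a Meraki-independent
# site-to-site VPN for one remote site, plus an NSG that restricts the VM subnet
# to that site's LAN prefix. All names, ranges and IPs below are assumptions.

$rg       = 'rg-remote-site-vpn'     # assumed resource group name
$location = 'eastus'                 # VNet and VPN gateway must share a region
$vnetCidr = '10.50.0.0/16'           # assumed Azure VNet address space
$vmSubnet = '10.50.1.0/24'           # subnet that holds the VM
$gwSubnet = '10.50.255.0/27'         # the gateway subnet must be named GatewaySubnet
$siteCidr = '192.168.20.0/24'        # assumed LAN behind the remote-site MX64
$siteWan  = '203.0.113.10'           # assumed public IP of the remote MX64 (TEST-NET-3)
$psk      = Read-Host 'IPsec pre-shared key'   # enter the same PSK on the MX64 peer

New-AzResourceGroup -Name $rg -Location $location -Force | Out-Null

# 1. NSG for the VM subnet: permit only the remote-site LAN, deny every other inbound flow.
$allowSite = New-AzNetworkSecurityRuleConfig -Name 'allow-remote-site' -Direction Inbound `
    -Priority 100 -Access Allow -Protocol '*' -SourceAddressPrefix $siteCidr `
    -SourcePortRange '*' -DestinationAddressPrefix $vmSubnet -DestinationPortRange '*'
$denyAll = New-AzNetworkSecurityRuleConfig -Name 'deny-all-inbound' -Direction Inbound `
    -Priority 4000 -Access Deny -Protocol '*' -SourceAddressPrefix '*' `
    -SourcePortRange '*' -DestinationAddressPrefix '*' -DestinationPortRange '*'
$nsg = New-AzNetworkSecurityGroup -Name 'nsg-vm-subnet' -ResourceGroupName $rg `
    -Location $location -SecurityRules $allowSite, $denyAll

# 2. VNet with the VM subnet (NSG attached) and the GatewaySubnet (no NSG on that one).
$vmSub = New-AzVirtualNetworkSubnetConfig -Name 'snet-vm' -AddressPrefix $vmSubnet `
    -NetworkSecurityGroup $nsg
$gwSub = New-AzVirtualNetworkSubnetConfig -Name 'GatewaySubnet' -AddressPrefix $gwSubnet
$vnet  = New-AzVirtualNetwork -Name 'vnet-hub' -ResourceGroupName $rg -Location $location `
    -AddressPrefix $vnetCidr -Subnet $vmSub, $gwSub

# 3. Route-based VPN gateway in that VNet (provisioning typically takes 30+ minutes).
$pip = New-AzPublicIpAddress -Name 'pip-vpngw' -ResourceGroupName $rg -Location $location `
    -AllocationMethod Static -Sku Standard
$gwSubId = (Get-AzVirtualNetworkSubnetConfig -Name 'GatewaySubnet' -VirtualNetwork $vnet).Id
$ipconf  = New-AzVirtualNetworkGatewayIpConfig -Name 'gwipconf' -SubnetId $gwSubId `
    -PublicIpAddressId $pip.Id
$vpngw   = New-AzVirtualNetworkGateway -Name 'vpngw-hub' -ResourceGroupName $rg `
    -Location $location -IpConfigurations $ipconf -GatewayType Vpn -VpnType RouteBased `
    -GatewaySku VpnGw1

# 4. Local network gateway = the remote MX64's public IP and the LAN prefix behind it.
$lng = New-AzLocalNetworkGateway -Name 'lng-remote-site' -ResourceGroupName $rg `
    -Location $location -GatewayIpAddress $siteWan -AddressPrefix $siteCidr

# 5. IPsec connection between the two; the MX64 is configured as a non-Meraki VPN peer.
New-AzVirtualNetworkGatewayConnection -Name 'cx-remote-site' -ResourceGroupName $rg `
    -Location $location -VirtualNetworkGateway1 $vpngw -LocalNetworkGateway2 $lng `
    -ConnectionType IPsec -SharedKey $psk | Out-Null

# Check tunnel state once the MX64 side is up (ConnectionStatus should become Connected).
Get-AzVirtualNetworkGatewayConnection -Name 'cx-remote-site' -ResourceGroupName $rg |
    Select-Object Name, ConnectionStatus, IngressBytesTransferred, EgressBytesTransferred
```

Two points worth checking after it runs. First, as the second answer says, the routes advertised over each tunnel decide which path a remote site uses; the remote MX64 will now learn the VNet prefix both via the HQ AutoVPN path and via this direct tunnel, so confirm which one it prefers and that failover behaves as intended when the HQ tunnel is down. Second, the private-endpoint FQDN resolution the second answer links to does not work from on-premises by simply pointing at Azure's internal resolver, because that address is only reachable from inside the VNet; the remote site's DNS needs a conditional forwarder for the privatelink zone that targets a resolver hosted in the VNet and reachable over this tunnel.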