Can't get routing working from VNET to Meraki vMX

Question

Can't get routing working from VNET to Meraki vMX

Dennis Lockwald 0

I'm trying to get traffic from a Meraki vMX to Azure vnet but I'm not sure what the next hop is supposed to be for my routing.

Jeevan Shanigarapu 3,355 Reputation points Microsoft External Staff Moderator

2025-12-01T20:53:49.5433333+00:00
Hello @Dennis Lockwald,

Welcome to Microsoft Q&A Platform and thank you for reaching out.

I understand your question about to route traffic from your Meraki vMX to an Azure Virtual Network, I recommend configuring a User-Defined Route (UDR) with the following key settings:

· Next Hop Type: Select Virtual Appliance in the UDR configuration.

Next Hop IP Address: Use the private IP address of the Meraki vMX appliance deployed within your Azure environment.

Enable IP Forwarding: Make sure IP forwarding is enabled on the vMX's network interface in Azure. This allows the appliance to forward traffic between subnets.

Avoid Routing Loops: It’s best to place the vMX in a dedicated subnet, separate from resources routing through it. Applying the same route table to the vMX subnet can cause routing loops.

To validate your setup, you can use Azure Network Watcher’s Next Hop feature or run the Get-AzEffectiveRouteTable PowerShell cmdlet to ensure the route is correctly applied and traffic is flowing as expected.

If you are using BGP or Azure Route Server, this can simplify routing by advertising routes, allowing you to use the vMX IP or an internal load balancer IP as the next hop to achieve high availability.

For more detailed guidance: Azure virtual network traffic routing | Microsoft Learn

Kindly let us know if the above helps or you need further assistance on this issue.

1 answer

Your answer

Jeevan Shanigarapu 3,355 Reputation points Microsoft External Staff Moderator

2025-12-01T20:53:49.5433333+00:00

Hello @Dennis Lockwald,

Welcome to Microsoft Q&A Platform and thank you for reaching out.

I understand your question about to route traffic from your Meraki vMX to an Azure Virtual Network, I recommend configuring a User-Defined Route (UDR) with the following key settings:

· Next Hop Type: Select Virtual Appliance in the UDR configuration.

Next Hop IP Address: Use the private IP address of the Meraki vMX appliance deployed within your Azure environment.

Enable IP Forwarding: Make sure IP forwarding is enabled on the vMX's network interface in Azure. This allows the appliance to forward traffic between subnets.

Avoid Routing Loops: It’s best to place the vMX in a dedicated subnet, separate from resources routing through it. Applying the same route table to the vMX subnet can cause routing loops.

To validate your setup, you can use Azure Network Watcher’s Next Hop feature or run the Get-AzEffectiveRouteTable PowerShell cmdlet to ensure the route is correctly applied and traffic is flowing as expected.

If you are using BGP or Azure Route Server, this can simplify routing by advertising routes, allowing you to use the vMX IP or an internal load balancer IP as the next hop to achieve high availability.

For more detailed guidance: Azure virtual network traffic routing | Microsoft Learn

Kindly let us know if the above helps or you need further assistance on this issue.

Answer 1

To route traffic from a Meraki vMX to an Azure Virtual Network (VNet), you need to determine the correct next hop for your routing configuration. The next hop can depend on several factors, including your specific network setup and the destination IP addresses involved.

You can use the Azure Network Watcher’s Next hop capability to identify the next hop type for traffic destined to a specific location. This can help you understand if the traffic is being routed correctly or if there are any issues.

To test the routing:

Ensure that you have a network watcher enabled in the region where your VNet is located.
Use the az network watcher show-next-hop command to check the next hop for the traffic from your Meraki vMX to the Azure VNet. You will need to specify the destination IP address that you are trying to reach.
The output will indicate the next hop type, which could be Internet, Virtual Network, or None. If it shows None, it means that there is no valid route to the destination, and you may need to adjust your routing configuration accordingly.

If you are using custom routes, ensure that they do not conflict with the default routes created by Azure. Additionally, if you are using a VPN gateway or Network Virtual Appliance (NVA), make sure that the routing is correctly configured to allow traffic to flow from the Meraki vMX to the Azure VNet.

For further troubleshooting, consider using the connection troubleshoot capability of Network Watcher to identify any filtering or in-OS causes of communication problems.

References:

Share via

Can't get routing working from VNET to Meraki vMX

1 answer

Your answer