Hi - have 4 downstream autovpn MX units all spoke with 0.0.0.0 to Azure vMX. Anyconnect clients at Azure.
Need to add 3 non meraki VPNs. 2 of them need the same exit for MX connected and anyconnect connected clients.
Can the non-meraki VPN be tagged "Azure only" so that only the vMX establishes a VPN connection?
And if so, will the downstream MX clients be able to access that VPN?
Or - is it better to Azure S2S and then peer with the MX?
For the remaining non-meraki - its only needed on a single MX. Would the spoke / 0.0.0.0 to azure interfere with this?