While I understand that a VMX is the preferred method as a hub in the public cloud, it is not a feasible option for a deployment I am working on. We have over 100 sites that all have an MX. We want to use a 3rd party (Azure) as the VPN hub. Only 1 branch needs connectivity to all of the other sites, but that traffic needs to traverse Azure (3rd party hub). Due to the limitation of VPN enablement on a spoke having to be connected to at least 1 hub, I am going to choose 1 of the spoke locations to be a hub and then block the traffic from other sites to the Meraki hub.
Now, for the site that actually needs to connect to the spokes (call it hub2, 192.168.1.0/24), how can I advertise its subnet in the 3rd party VPN so that it traverses Azure first before it reaches its destination (spoke 192.168.2.0/24)? I don't think I could add the 192.168.1.0/24 as a remote subnet, as it would conflict with the on-prem hub2 network which has a connection to Azure.
I know it is not ideal, but there has to be a way to have a non-Meraki 3rd party VPN peer whose role is the hub.
I think you are going to need to put that one special site into a separate Meraki org. Then you can turn it into a hub, but nothing else will talk to it. You can build your non-Meraki VPN to Azure, have to do the firewall magic, and then talk to all your other sites.