Auto VPN over L2 MPLS

Sleiman
Here to help


Hello, we are planning to connect 3 sites with L2 MPLS with the MX-100 at the WAN edge. The 3 MXs will have private IPs assigned to them and will be on the same subnet, connected via their WAN1 port. My question is: will I be able to configure Auto VPN over the L2 MPLS in this setup with private IP addresses on the WAN1 ports?


The headend HQ will have one of its LAN ports converted to a WAN port for dashboard connectivity. The headend MX will have a default route through the distribution layer and will inject a default route to the other MXs. Has anyone done this before?


Thanks. 

DarrenOC
Kind of a big deal

@cmr, I think you're the ideal candidate to answer this one, given how it's working like this across your sites.

Darren OConnor | doconnor@resalire.co.uk
https://www.linkedin.com/in/darrenoconnor/

I'm not an employee of Cisco/Meraki. My posts are based on Meraki best practice and what has worked for me in the field.
cmr
Kind of a big deal

@Sleiman, as @DarrenOC said, we run a setup similar to this. We actually have two private WANs at each site, with one of the WAN ports on a VPLS (L2 MPLS) WAN and the other either on a second VPLS or a routed MPLS. None of the VPLS or MPLS WANs has internet breakout; that is provided to all sites from the datacenter. The VPLS WANs have a single class C subnet, as you are wanting to do, with 3 IP addresses at each site (HA pair). For us the datacenter actually has a routed switch stack on the WAN edge and the MX pair there are in single-armed concentrator mode. We use a different vendor's firewalls for the corporate internet breakout. This has worked well for over a year, and as all WAN IP addresses for all MXs appear as the same public IP (the main datacenter corporate firewall external IP), the Auto-VPN builds multiple routes across the private WANs and load-balances between them nicely.

If my answer solves your problem please click Accept as Solution so others can benefit from it.
Sleiman
Here to help

Hi, thanks for the reply. So each site gets NAT'd to the WAN interface IP of the MX at the specific location?

cmr
Kind of a big deal

@Sleiman If you use Auto-VPN over the L2 WAN then it connects prior to NAT, so the LAN IPs from one site are seen at the other site. In terms of the WAN IP shown in the dashboard, they all show the central site corporate internet connection IP.


This may well be different if you have one WAN on public internet and one WAN on private WAN.


If you don't full-tunnel over the Auto-VPN, then yes, the WAN port IP from the site is how the traffic appears to the corporate firewalls; you can disable NAT on the WAN port in MX15 to fix this.

If my answer solves your problem please click Accept as Solution so others can benefit from it.
Sleiman
Here to help

This worked fine for us. We had to give the MXs internet access over the WAN1 interface for them to establish the VPN tunnel, and we had to create a transit LAN for the MX to reach the LAN subnets.

PhilipDAth
Kind of a big deal