Hi all, new to Meraki but have been doing network design for some time. After reading the documentation I am still confused on how to move forward on the data center. We are mostly cloud based for infrastructure. The "Data Center" will have minimal kit and basically be a few circuits and our cloud Direct Connect and maybe some domain controllers. Our budget is limited so I would like the MX to still be able to use the firewall IDS/IPS capability while acting as the SD-WAN VPN Concentrator. I find that information is a little lacking. I was thinking of something like below with the MX in NAT mode concentrator mode, would that work for our minimal needs?
You could run the MX250s in NAT mode (just like a branch). This lets you use IPS and content filtering. This is the approach I use the most. Note that dynamic routing protocols are mostly disabled in this configuration - but you should only need a default route pointing towards them from Cisco switch core.
You could run the MX250s in passthrough mode. It acts like a layer 2 bridge in this case. You can still do IPS and content filtering.
So an MX in routed mode will still allow the active-active SD-WAN connectivity? My interpretation made it seem like you needed a VPN concentrator. If that's the case, your first option would make the most sense, with the added bonus of not actually needing the ISRs on the outside as we just need a static route to our ISP and the MX would handle the NAT.
Yeah, the plan was a DIA type circuit with primary and a business class broadband as secondary, but would like to achieve active-active if possible, with dedicated VoIP and corporate traffic over the DIA and normal Internet surfing off the broadband.