IPsec tunnel with non-Meraki VPN for MX85 warm spare with uplink from MG41
Hello, we have a warm spare MX85 device connected to an MG41. The MX WAN IP is taken from the MG41 (IPv4 IP addressing and NAT), so on the left side of the pane we get the public IP info (which is the SIM IP), and on the right side, in the uplink tab, for WAN2 we get the IP from the MG41, which is a private IP (as shown in the screenshot). For the primary we have an ISP fiber link and we get a public IP on the uplink (not private), and created the IPsec tunnel to the non-Meraki peer (CSR1000). The tunnel works fine for the primary, but for the backup, what IP should be used at the peer side? I used the public IP and the state of the tunnel was UP-Idle (UI) at the CSR side.
Should I set the peer to (public IP) or (private IP 172.31.128.4) in my case, or do I need to add the private subnet from the MG into the interesting traffic?
Config at CSR:

    crypto map tunnel 40 ipsec-isakmp
     set peer (publicIP) or 172.31.128.4
     set security-association lifetime seconds 28800
     set transform-set VPN-tunnel
     set pfs group14
     set isakmp-profile VPN-tunnel-R02
     match address Interesting_Traffic