I have two buildings directly connected by fibre but would like to VPN this connection. They each separately have their own internet connection, and I don't want to use the MX84 to be the main internet connection. I currently achieve this with two Cisco ASA 5520's but would like to replace them.
Is it possible to use 2x MX84's to do this? I was thinking that the WAN1 port from each device could have an internet connection for the Meraki Cloud and the two WAN2 ports could connect directly together for the VPN traffic.
If this won't work (and I'm thinking it won't as the two WAN2 ports are directly connected do not themselves have a connection to meraki cloud to establish the connection) then if the two WAN connections connect directly to a switch (which has a connection to the internet) will it establish the VPN connection and send traffic directly to each other?
Any help or suggestions would be greatly appreciated.
You most likely don't even need VPN in this case. You can use a LAN port and use static routing for their respective networks.
I have a couple of thoughts.
It might be easier to build a non-Meraki VPN between the two devices. This is like building a VPN between a Meraki and a non-Meraki device.
When using AutoVPN over a private circuit the private circuit must be connected to the Internet. If when the MX's go to build a VPN they find that they both share the same public IP address (because of NAT) they then assume they are on the same private network, and then will build the VPN between their private IP addresses.