I'm trying to get a VPN topology to be resilient. I (will) have 2 x MX100s in Warm Spare mode using Virtual IP on the WAN side. I have currently got a couple of Non-Meraki VPNs: one to Azure and one to AWS. I need to make these as resilient as possible.
1) Single VPNs to each end point query and which IP on Meraki to use.
The VPNs are currently working OK terminated on the real WAN IP of the current single MX100. When I switch over to Warm Spare mode and insert the second MX100 into the topology, would I reconfigure the remote VPNs (Azure and AWS) to peer with the Virtual IP or would I leave it as the real IP? (I have a /29 transit subnet).
2) AWS dual VPN.
AWS always set up a second VPN peer as they randomly do maintenance on a single peer so I'm supposed to configure this for resilience apparently. Is this possible? I'm reading that it is not and I'm hoping the firmware has developed to the point where it is now possible. Has anyone done it? If not, are there any workarounds?
3) Dual WANs on Warm Spare
I also have another Internet connection on WAN2 from a different provider, so it has a different /29 hand-off. Can I use this to enhance resilience in either of the above scenarios? Getting resilience from a single Internet pipe failure would be brilliant without having to reconfigure peers.
Thanks in advance.