I'm new to using Meraki firewalls as we just put in an MX84 in passthrough mode in our home office and installed two MX67's in two remote sites for site to site VPN the first week in January.
We've been running fine with our MX84 in passthrough/concentrator mode as a hub and our two remote sites as spokes. Our two remote sites use different ISP's for their internet circuit. One is a local ISP and the other is Charter. In our home office where the MX84 lives, we have two internet circuits, one CenturyLink and one Charter.
Both remote site VPN tunnels are using the CenturyLink circuit at the home office. What i'm trying to do is use CenturyLink circuit in the home office for the remote site that has a local ISP and the Charter circuit in the home office for the remote site that has Charter for internet.
I spoke to support briefly and the mentioned i needed to move the MX84 from concentrator mode to routed mode. I didn't want to do so during business hours so i attempted to figure it out after hours. I'm not having any luck.
Attached is a picture of how things are setup. The red line represents the connection to the charter circuit that i would like the vpn to go through to one of our other remote sites.
Re: MX84 Hub Site to Site VPN with multiple circuits
I think what you'll have to do is provide the MX with the two different ISPs on it's two WAN ports. If you do, each remote location will have two tunnels going to the hub, one over each provider (one over each hub WAN port). In case, if there is a problem with a provider, only the site remote site using that provider would go down.
One way to do that is to have Sonicwall provide the two provider links on separate VLANs in a trunk towards the switch. Then use the switch to split that trunk up into two physical ports to connect to the MX.
The MX will indeed need to be in NAT mode for that I think.