However, there are two things that need more clarification:
1> I understand both MX ports have an inbuilt default route toward the default gateway (that we configure), so as soon as the ports are assigned IP addresses (Public and Private) they would send the Internet traffic to their default gateway (by default feature) to make a connection with the VPN registry. Is this right? Or do we need to point some static entry in the MX for the default route? If yes, then how?
2> How is the branch MPLS port going to make the auto VPN with the HUB site when it has no direct route to the Internet, as a private IP is configured on this port? I mean, what configuration is required so this private IP can reach out to the Meraki cloud and then be allowed to build the auto VPN with the HUB site?
3> Do both branch ports make the auto VPN tunnel with all the WAN ports at the hub site, like branch Internet to HUB Internet port, branch Internet to HUB MPLS, branch MPLS to HUB Internet and branch MPLS to HUB MPLS?
It would be great if you can tell me about them as well.
1> Yes, the MX will send the traffic to the default gateway configured for the WAN port, nothing else to do here - it will contact the registry.
2> The branch MX will need a connection to the internet. This could either be from your carriage provider with a NATed solution out of the MPLS WAN or by using a VPN concentrator setup at the head-end so that non-VPN traffic from the branch MX can go via the data centre and via another firewall/NAT to the internet.
3> If you have the branch MX configured to build VPN tunnels on both ports then it will try to build all the tunnels it can. Normally, however, there isn’t a path between the Internet and MPLS network that the tunnel can be established on, and so you only get MPLS to MPLS and Internet to Internet.