So we recently signed on with Comcast SD WAN because the cost was minimal in addition to our other services.
I am going to transition off of the Meraki VPNs and use the Comcast VPNs, as a few of our sites are in their footprint, and will then use their backend for faster routing than going through the internet.
The Comcast setup has a routing device that has a handoff with a local IP. We will say 172.16.16.1 is the Comcast device and 172.16.16.2 is my MX device. Now I have moved all the VLANs and routing to downstream switches. The Comcast edge device does not provide IPS and content filtering, so I will continue using the MXs for that in "Passthrough" mode.
I won't be using the Meraki VPN functionality. I would then have Comcast -> Firewall -> Meraki Switch. Would I then want an interface on the switch in the 172.16.16.0 subnet and use the Comcast device .1 as the switch gateway? Do I need the Comcast routes to then point at my switch and not my firewall? Since I am using the Comcast VPNs, the traffic can't be NATed (which is why I am configuring passthrough). I don't want to use it as a VPN concentrator, or I don't see a reason to. If I can't use static routes on the passthrough MX, then how does the MX know what traffic from my other sites coming from Comcast to pass to my switch? Which is why I am asking: do I need the switch to be the gateway for this traffic from Comcast?
E.g.:
Location 1:
Comcast Edge device has local IP of 172.16.16.1
MX Passthrough Device has local IP of 172.16.16.2
Switch has an interface for this 10.10.0.0/24 network. Does it also need to be on the 172 network to communicate with the MX Passthrough device? Does it use the MX IP as a gateway or the Comcast Edge device as a gateway?
Location 2:
Comcast Edge device has local IP of 172.16.32.1
MX Passthrough device has local IP of 172.16.32.2
Switch has 10.10.1.0/24 interface
Comcast has a route for the 10.10.0.0/24 traffic pointing to 172.16.16.2
Comcast has a route for the 10.10.1.0/24 traffic pointing to 172.16.32.2