Currently in the process of completing a transition for a multi-site customer from Cisco ASA to Meraki MX. In our smaller site deployments, we have a relatively simple design using MX68s as our gateway for the handful of subnets (AV, Security, DMZ, Data), which works great.
We have a couple of larger sites, with some private connectivity (PTP, sharing routes over OSPF) where we're leveraging MX105s. Currently, that private traffic is exchanged between some L3 switches, with SVIs acting as default gateways for some of the local network summaries.
Earlier in our implementation plan, we were configuring the MX105s to act as the gateway for all networks, and back-hauling the PTP traffic over static routes from the MX back to an SVI on the L3 switches; however, it occurs to me that we might have been able to use a Single LAN style deployment for the MX and define this as a routing network. This would eliminate static routes and take advantage of some of our existing SLA tracking we already have for those dynamic routes.
My question is, can we use the MX device in this manner, where it's NATing several network summaries to the internet and providing ACLs for specific summaries, or is this type of deployment exclusively meant for flat networks?
Just keep in mind that the MX will only advertise Meraki Auto VPN routes via OSPF or its local subnet (when the MX is in Routed mode) to its OSPF peers. The MX does not learn routes advertised by any OSPF neighbors.