You can control the Non-Meraki VPN by using Network tags.
From the Meraki point of view, you'd only have to configure one VPN, as this configuration will be replicated to all MXes.
Using Network Tags you can then control that the VPN should only be available on the Combined Network. In the case that connectivity is lost on the Combined Network, you can move the Network tag to the SDWAN network. This will result in the VPN then being available on this MX.
However, this would have to be a manual task, since there is no mechanism to move this connection automatically. Perhaps you could use an API by writing a script that will monitor internet connectivity on the combined network. In case that fails, the script would then remove the network tag, and in turn add the tag to the SDWAN network.
From the ISP router point of view, you'll have to create two VPN profiles: one for the Combined Network MX, and one for the SDWAN MX.
https://blog.rhbirkelund.dk/
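A sketch of the monitoring script suggested in the post above, added here as an example and not code from the post's author or from Meraki: it reads appliance uplink status through the Dashboard API and, when the Combined Network has no usable uplink, removes the VPN tag there before adding it to the SDWAN network. The network IDs, the tag name, the `MERAKI_DASHBOARD_API_KEY` variable and the choice of "active"/"ready" as healthy states are assumptions.

```python
import json, os, urllib.request

API = "https://api.meraki.com/api/v1"
UP_STATES = {"active", "ready"}  # assumption: uplink states counted as "has connectivity"

def primary_is_down(uplink_statuses, network_id):
    """True only when uplink data exists for the network and none of it is usable."""
    uplinks = [u for row in uplink_statuses if row.get("networkId") == network_id
               for u in row.get("uplinks", [])]
    # Missing data is treated as "unknown", not "down", so an API gap never moves the VPN.
    return bool(uplinks) and not any(u.get("status") in UP_STATES for u in uplinks)

def plan_tag_move(uplink_statuses, tags_by_network, primary_id, backup_id, vpn_tag):
    """Return ordered [(network_id, new_tags)] updates, or [] when nothing should change."""
    if not primary_is_down(uplink_statuses, primary_id):
        return []
    if vpn_tag not in tags_by_network[primary_id]:
        return []  # already moved (or never tagged): leave both networks alone
    removed = [t for t in tags_by_network[primary_id] if t != vpn_tag]
    added = sorted(set(tags_by_network[backup_id]) | {vpn_tag})
    # Remove first, then add, so the tag is never on both networks at once.
    return [(primary_id, removed), (backup_id, added)]

def call(method, path, body=None):
    """Minimal Dashboard API call; the key is read from the environment, not the script."""
    req = urllib.request.Request(API + path, method=method,
        data=json.dumps(body).encode() if body is not None else None,
        headers={"Authorization": "Bearer " + os.environ["MERAKI_DASHBOARD_API_KEY"],
                 "Content-Type": "application/json"})
    with urllib.request.urlopen(req, timeout=30) as resp:
        return json.load(resp)

def run_once(org_id, primary_id, backup_id, vpn_tag):
    """One monitoring pass: fetch status and tags, then apply the planned updates."""
    statuses = call("GET", f"/organizations/{org_id}/appliance/uplink/statuses")
    tags = {n: call("GET", f"/networks/{n}")["tags"] for n in (primary_id, backup_id)}
    plan = plan_tag_move(statuses, tags, primary_id, backup_id, vpn_tag)
    for network_id, new_tags in plan:
        call("PUT", f"/networks/{network_id}", {"tags": new_tags})
    return plan

if __name__ == "__main__":
    # Constructed sample data (not real output): Combined Network has lost both uplinks.
    sample = [{"networkId": "N_combined", "uplinks": [{"interface": "wan1", "status": "failed"}]},
              {"networkId": "N_sdwan", "uplinks": [{"interface": "wan1", "status": "active"}]}]
    tags = {"N_combined": ["vpn-isp", "site-a"], "N_sdwan": ["sdwan"]}
    print(plan_tag_move(sample, tags, "N_combined", "N_sdwan", "vpn-isp"))
```

Run `run_once` from a scheduler with an API key scoped to the one organization it needs. `urllib` does not follow redirects for `PUT`, so if Dashboard redirects your requests, point `API` at the host it redirects to.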