Routing traffic (to internet, for specific subnets) from MX1 over auto-vpn tunnel to MX2
I need some help in figuring out how to configure routing as in the title 🙂

Environment: I have a vMX Medium (hub) deployed in Azure. The vMX is connected to my MX105 (also a hub) in HQ with AutoVPN. Other branch offices are also connected with AutoVPN (spokes). I have configured Client VPN on the vMX. We have an important web application used around the world. It contains sensitive data. Depending on geolocation, the DNS name can resolve to one of the subnets A.A.A.A/24, B.B.B.B/24 or C.C.C.C/24. The app is configured to allow connections only from the HQ external IP range X.X.X.X/27.

Users from branch offices and VPN clients should also have access to this application. I would like to route their traffic to the app subnets over the AutoVPN tunnel to the MX in HQ and then out to the internet. In short, for specific subnets I would like the MX in HQ to be the default gateway for the other AutoVPN peers 🙂

How can this be achieved, since on the vMX I cannot create static routes? I don't want to route all traffic to HQ (i.e. configure the vMX as a spoke and set "IPv4 default route" to the HQ peer (hub)). I tried to create VPN-enabled static routes on the HQ MX pointing to one of the local MX IPs as the next hop, but it doesn't work. Traffic loops and doesn't reach the target. If I point the next hop at another router in HQ (Sophos), everything works.
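Added example, not part of the original post: a small Python helper that drives the Meraki Dashboard API v1 to set up the pieces the post describes, so the settings can be inspected and re-applied repeatably rather than clicked through in Dashboard. It creates static routes for the application subnets on the HQ hub, marks those subnets as VPN-enabled (so they are advertised to AutoVPN peers), and writes a split-tunnel spoke config with "useDefaultRoute" off. The environment variables, network IDs and the RFC 5737 sample subnets standing in for A/B/C are assumptions; the next hop is taken from the post's observation that a non-MX router in HQ works as next hop, and the helper does not claim to resolve the loop seen when an MX address is used.

```python
"""
Hypothetical helper (not from the post): shapes Meraki Dashboard API v1 calls for
the hub/spoke topology above. Pure functions build the payloads; HTTP calls run
only when executed as a script with the assumed environment variables set:
MERAKI_API_KEY, HQ_NETWORK_ID, SPOKE_NETWORK_ID, HQ_NEXT_HOP.
"""
import json
import os
import urllib.request

BASE_URL = "https://api.meraki.com/api/v1"

# Constructed sample values standing in for the A/B/C app subnets in the post.
APP_SUBNETS = ["198.51.100.0/24", "203.0.113.0/24", "192.0.2.0/24"]


def api(method, path, body=None):
    """Minimal authenticated Dashboard API call (only used from __main__)."""
    req = urllib.request.Request(
        BASE_URL + path,
        data=None if body is None else json.dumps(body).encode(),
        method=method,
        headers={
            "Authorization": "Bearer " + os.environ["MERAKI_API_KEY"],
            "Content-Type": "application/json",
        },
    )
    with urllib.request.urlopen(req) as resp:
        return json.load(resp)


def static_route_payloads(subnets, gateway_ip, prefix="app"):
    """One POST body per app subnet for /networks/{id}/appliance/staticRoutes."""
    return [
        {"name": f"{prefix}-{i}", "subnet": s, "gatewayIp": gateway_ip}
        for i, s in enumerate(subnets, 1)
    ]


def enable_vpn_for(s2s_config, subnets):
    """Copy of a siteToSiteVpn config with useVpn=True for the given subnets
    (advertises them to AutoVPN peers); every other entry is left untouched."""
    wanted = set(subnets)
    updated = dict(s2s_config)
    updated["subnets"] = [
        {**entry, "useVpn": True} if entry["localSubnet"] in wanted else dict(entry)
        for entry in s2s_config.get("subnets", [])
    ]
    return updated


def split_tunnel_spoke(current_config, hub_network_id):
    """Spoke config that keeps its own internet breakout: useDefaultRoute=False
    means only subnets the hub advertises are sent over the tunnel. The spoke's
    existing local subnet list is preserved."""
    return {
        "mode": "spoke",
        "hubs": [{"hubId": hub_network_id, "useDefaultRoute": False}],
        "subnets": [dict(e) for e in current_config.get("subnets", [])],
    }


def vpn_advertised(s2s_config):
    """Subnets a network currently advertises into AutoVPN."""
    return sorted(
        e["localSubnet"] for e in s2s_config.get("subnets", []) if e.get("useVpn")
    )


if __name__ == "__main__":
    hq = os.environ["HQ_NETWORK_ID"]
    spoke = os.environ["SPOKE_NETWORK_ID"]
    next_hop = os.environ["HQ_NEXT_HOP"]  # assumed: a non-MX router address in HQ
    for body in static_route_payloads(APP_SUBNETS, next_hop):
        api("POST", f"/networks/{hq}/appliance/staticRoutes", body)
    hq_cfg = api("GET", f"/networks/{hq}/appliance/vpn/siteToSiteVpn")
    api("PUT", f"/networks/{hq}/appliance/vpn/siteToSiteVpn",
        enable_vpn_for(hq_cfg, APP_SUBNETS))
    spoke_cfg = api("GET", f"/networks/{spoke}/appliance/vpn/siteToSiteVpn")
    api("PUT", f"/networks/{spoke}/appliance/vpn/siteToSiteVpn",
        split_tunnel_spoke(spoke_cfg, hq))
    print("hub advertises:",
          vpn_advertised(api("GET", f"/networks/{hq}/appliance/vpn/siteToSiteVpn")))
```

The GET before each PUT matters: the siteToSiteVpn endpoint replaces the whole object, so building the new body from the current one avoids silently dropping subnets or hubs that were configured by hand.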