I need some help in figuring out how to configure routing like in title 🙂
Environment:
I have vMX Medium (hub) deployed in Azure. VMX is connected with my MX105 (also hub) in HQ with AutoVPN.
Other branch offices are also connected with AutoVPN (spokes).
I have configured ClientVPN on vMX.
We have important web application used around the world. It contains sensitive data.
Depending on geolocation dns name can resolve to specific subnets A.A.A.A/24, B.B.B.B/24 or C.C.C.C/24
App is configured to allow connections only from HQ external ip range X.X.X.X/27.
Users from branch offices and VPN clients should also have access to this application. I would like to route their traffic to app subnets over AutoVPN tunnel to MX in HQ and then to internet. In short, for specific subnets I would like MX in HQ to be default gateway for other auto vpn peers 🙂
How can this be achieved since on vMX I cannot create static routes? I don't want to route all traffic to HQ (configure vMX as spoke and set "IPv4 default route" to be HQ peer (hub). I tried to create vpn enabled static routes in HQ's MX pointing to one of local MX ips as a next hop but it doesn't work. Traffic is looping and doesn't reach the target. If as next hop I point other router in HQ (sophos) all is working.
