I have a couple of my spokes connected up to umbrella connector hubs with no problem but i cant see any way of getting the Auto-VPN hubs themselves to connect to the umbrella connectors as well.
Im not sure i understand the 'umbrella-hub' expected behaviour here. I would have thought that there would be a way to get access to umbrella direct from the auto-vpn hubs to cater for clients attached to the hub site itself ?
The documentation just mentions that auto-vpn hubs and connector hubs dont automatically form tunnels with each other, which i can see is the case. But other than that, the document doesn't explain how this can be remedied.
In order for clients connected to the same site as a one armed vpn concentrator in hub mode (in our case, this is a vMX in azure) ,you need to stand up a non-meraki ipsec to umbrella manually.
The documentation suggests that in this config, its not possible for auto-vpn traffic to utilise the hubs non-meraki tunnel to umbrella, so if you need branches to get to umbrella, you still need to set up spoke on-ramp auto-vpn connector tunnels to umbrella in the normal way.
I have it working in this way at the moment but wondered if anyone can confirm that this is the way its 'supposed' to work ?