First I have never worked with Meraki before but have the following requirements. I need to provide guest internet access at branch offices. The branch offices only have MPLS connections and no local internet breakout. For guest internet access a separate internet line is provisioned at HQ.
Branch MX firewalls can reach Meraki cloud platform for management using normal internet line routed over other firewall. I would like to build a separate IPSEC tunnel to the MX in HQ to provide internet guest access.
The Meraki firewall for guest at HQ has a public routable IP at WAN side and should also have an internal IP that is reachable over the MPLS to establish IPSEC tunnels between BRANCH and HQ.
I have read so fare that you can deploy MX in concentrator or routed mode. I guess I need to use routed mode. Can I use the auto VPN feature for this or should I use third party VPN.
I am not looking for a detailed technical approach but some direction on how to best approach this.
With the cloud management and auto-vpn I don't really now how this works.
RED LINE IPSEC, BLUE MGT for Meraki branch to cloud platform.
The deployment that you are trying to achieve is generally explained here. Please check that and if you have any specific questions, feel free to bump this thread or you can also reach out to Meraki Support to review any specific deployment issues.
Please let me know if you have any further questions.