Is it possible to establish a vpn over a direct connected Metro-E connection between two MX devices without adding routers or L3 switches into the mix?
We bought Meraki devices for all of our branches because we were told it'd work and now that I'm in the thick of it. It's looking like a no.
If we did use a L3 switch at the hub and put all of the MX interfaces on the same network with that switch as the gateway, then we could share the default route over the Metro-E to give the branches internet access but wouldn't that basically make traffic able to flow over those Metro-E connections outside of the VPN? We cannot have that.
We were also looking at trying non-meraki Peer VPNs as a cutover strategy from our ISR routers at the branches but it's looking like that's not possible either since the WAN interface on the Meraki still needs a gateway and there isn't one without that L3 switch.
