I have a new site I plan to build out that is huge and needs 10GB of bandwidth.
I have all my IDF L2 switches connected to the L3 pair that has all my SVIs on a 172.30.128.0/21 le 24.
I want to install Palo Alto firewalls to handle my outbound 0.0.0.0 and NATing, but I want to still use a Meraki MX250 for the VPN trusted traffic and AutoVPN SD-WAN in a BGP DC-to-DC failover I have implemented.
Usually I build out sites with the MX being the main source of LAN SVIs and routing and put it between the Layer 2 switches and the edge routers. The MX has all my different VLANs, I choose what goes through the VPN, and it has the ARP table.
In the scenario attached I do not want that. How do I point the routing to work this way and choose which networks route over the SD-WAN AutoVPN?
Are you referring to flow preferences?
To be clear, in my data centers I have an MX configured in one-armed VPN concentrator mode connecting via eBGP to my internal network.
I am trying to understand the branch side, with my MX configured as a spoke VPN.
Here is a diagram.
Put the MX250 into VPN concentrator mode. It runs on a single interface in this mode.
On your Palo Alto you would create static routes pointing to the MX for all the remote AutoVPN subnets (or enable something like OSPF).
On the VPN concentrator you configure all the local routes which then get pushed into AutoVPN.
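To see how the routing in that answer fits together (default route and NAT on the Palo Alto, more-specific static routes toward the one-armed MX for the remote AutoVPN subnets), here is an added longest-prefix-match model of the Palo Alto's routing table. It is not code from the thread or from Palo Alto or Meraki; all addresses except the poster's 172.30.128.0/21 are constructed placeholders, and the `validate_design` checks are my own sanity checks for this design.

```python
import ipaddress

# Constructed placeholders (only 172.30.128.0/21 comes from the thread).
LOCAL_SVIS = ["172.30.128.0/24", "172.30.129.0/24", "172.30.130.0/24"]  # /24 slices of the /21
MX_ONE_ARM = "172.30.130.10"                   # MX250 one-armed concentrator interface
REMOTE_AUTOVPN = ["10.200.0.0/16", "10.201.0.0/16"]  # DC subnets learned over AutoVPN


def build_routes():
    """Palo Alto routing table as the answer describes it:
    local SVIs via the L3 core, remote AutoVPN subnets via the MX, default to untrust/NAT."""
    routes = [(ipaddress.ip_network(s), "L3-core") for s in LOCAL_SVIS]
    # One static route per remote AutoVPN subnet, next hop = MX one-arm interface
    routes += [(ipaddress.ip_network(n), MX_ONE_ARM) for n in REMOTE_AUTOVPN]
    # Default route: everything else leaves via the Palo Alto untrust side and is NATed
    routes.append((ipaddress.ip_network("0.0.0.0/0"), "untrust/NAT"))
    return routes


def next_hop(dst, routes=None):
    """Longest-prefix match: the most specific route containing dst wins."""
    addr = ipaddress.ip_address(dst)
    best = None
    for net, nh in routes or build_routes():
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, nh)
    return best[1] if best else None


def validate_design():
    """Return a list of design problems (empty list means the table is consistent):
    the MX one-arm address must sit inside a local SVI, and no remote AutoVPN subnet
    may overlap a local SVI (otherwise the static route would hijack local traffic)."""
    issues = []
    locals_ = [ipaddress.ip_network(s) for s in LOCAL_SVIS]
    if not any(ipaddress.ip_address(MX_ONE_ARM) in n for n in locals_):
        issues.append(f"MX one-arm address {MX_ONE_ARM} is not in any local SVI")
    for r in REMOTE_AUTOVPN:
        rn = ipaddress.ip_network(r)
        for ln in locals_:
            if rn.overlaps(ln):
                issues.append(f"remote AutoVPN subnet {r} overlaps local SVI {ln}")
    return issues


if __name__ == "__main__":
    for dst in ("10.200.5.9", "8.8.8.8", "172.30.129.77"):
        print(dst, "->", next_hop(dst))
    print("design issues:", validate_design())
```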