I am attempting to set up internet redundancy at one of our sites but can't figure out a solution for an issue we are facing with non-Meraki VPN failover.

On the MX:
WAN1 = Local Internet
WAN2 = Existing MPLS connection (Internet egress on the east coast)

We use Zscaler, so we have a non-Meraki VPN tunnel set up from the MX to Zscaler and tunnel all internet traffic to Zscaler. This works perfectly for WAN1, and even failover works perfectly when WAN1 and WAN2 are both local Internet connections. However, the issue I am facing at this specific site stems from WAN2 being an MPLS connection, and I can only get the tunnel to come up if I enter a Local ID in the Meraki site-to-site VPN settings (see picture). I think this is because on the MPLS connection I have an upstream NAT device (Palo) which is translating the internal IP of the Meraki WAN2 port to a public address.

WAN1 is primary and everything works fine. However, when we fail over to WAN2 the non-Meraki VPN tunnel to Zscaler never comes up, because that tunnel will only come up if I have the public NAT address added to the "Local ID" on the Meraki site-to-site VPN page. Is there a solution or workaround to this? It doesn't appear there is a way to use a different non-Meraki tunnel for WAN1 and WAN2. Am I missing a way to make the non-Meraki tunnel establish over my MPLS connection without entering a "Local ID"?
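Added illustration (not part of the original post, and not Meraki or Zscaler code) of the two IKEv2 mechanisms the problem above turns on: NAT detection (the NAT_DETECTION_SOURCE_IP / NAT_DETECTION_DESTINATION_IP hashes from RFC 7296 section 2.23) and peer identification (the IDi payload). NAT-T lets the tunnel traverse the upstream NAT, but the responder still authenticates the initiator by the identity it sends, and when no explicit local ID is configured that identity defaults to the interface address, which behind a NAT is the private address the responder does not expect. The addresses, SPIs, ports and the "responder expects 198.51.100.5" assumption are constructed for the example; how Zscaler is configured on its side is not shown in the post and is not modelled here.

```python
"""Model of IKEv2 NAT detection and peer identification behind NAT.

Illustrative example only: the hashes follow RFC 7296 section 2.23, the
identity handling follows section 3.5, but everything else (addresses,
SPIs, the responder's expected ID) is constructed for this demonstration.
"""
import hashlib
import ipaddress
import struct
from typing import Dict, Optional, Tuple

# Constructed scenario (documentation/test addresses, not real endpoints).
WAN1_IP = "203.0.113.10"         # directly on the Internet, no NAT
WAN2_PRIVATE_IP = "10.20.30.40"  # MX WAN2 address behind the upstream NAT
WAN2_NAT_PUBLIC_IP = "198.51.100.5"  # what the NAT translates WAN2 to
RESPONDER_EXPECTED_ID = WAN2_NAT_PUBLIC_IP  # assumed identity configured on the far end
SPI_I = bytes.fromhex("0011223344556677")  # constructed initiator SPI
SPI_R = bytes.fromhex("8899aabbccddeeff")  # constructed responder SPI


def nat_detection_hash(spi_i: bytes, spi_r: bytes, ip: str, port: int) -> bytes:
    """NAT_DETECTION_*_IP payload data: SHA-1(SPIi | SPIr | IP | Port)."""
    packed_ip = ipaddress.ip_address(ip).packed
    return hashlib.sha1(spi_i + spi_r + packed_ip + struct.pack("!H", port)).digest()


def nat_present(spi_i: bytes, spi_r: bytes, claimed_ip: str, claimed_port: int,
                observed_ip: str, observed_port: int) -> bool:
    """Responder view: the initiator hashed the source it believes it has;
    the responder hashes the source it actually saw. A mismatch means a NAT
    rewrote the packet somewhere in between."""
    sent = nat_detection_hash(spi_i, spi_r, claimed_ip, claimed_port)
    seen = nat_detection_hash(spi_i, spi_r, observed_ip, observed_port)
    return sent != seen


def identity_sent(wan_ip: str, local_id: Optional[str]) -> Tuple[str, str]:
    """(ID type, value) carried in IDi. With no explicit local ID the initiator
    falls back to ID_IPV4_ADDR with its own interface address; an explicit ID
    is sent as-is, as ID_IPV4_ADDR if it parses as an address, else ID_FQDN."""
    if local_id is None:
        return ("ID_IPV4_ADDR", wan_ip)
    try:
        ipaddress.IPv4Address(local_id)
        return ("ID_IPV4_ADDR", local_id)
    except ValueError:
        return ("ID_FQDN", local_id)


def responder_accepts(expected_id: str, idi: Tuple[str, str]) -> bool:
    """The responder matches on the identity payload, not on the packet's
    source address, so NAT on the path does not change this decision."""
    return idi[1] == expected_id


def evaluate_uplink(interface_ip: str, public_ip: str,
                    local_id: Optional[str]) -> Tuple[bool, bool]:
    """Return (nat_detected, tunnel_accepted) for one uplink.
    interface_ip is what the MX sees on its WAN port; public_ip is the
    source the responder sees (equal to interface_ip when there is no NAT)."""
    # Initiator hashes its own address and port 500; after NAT the responder
    # observes the translated address and, with NAT-T, UDP 4500.
    observed_port = 4500 if interface_ip != public_ip else 500
    nat = nat_present(SPI_I, SPI_R, interface_ip, 500, public_ip, observed_port)
    accepted = responder_accepts(RESPONDER_EXPECTED_ID,
                                 identity_sent(interface_ip, local_id))
    return nat, accepted


def run_scenarios() -> Dict[str, Tuple[bool, bool]]:
    """The three cases from the post: WAN1 without a local ID, WAN2 without
    one (tunnel never comes up), WAN2 with the NAT public address as local ID."""
    return {
        "wan1_no_local_id": evaluate_uplink(WAN1_IP, WAN1_IP, None),
        "wan2_no_local_id": evaluate_uplink(WAN2_PRIVATE_IP, WAN2_NAT_PUBLIC_IP, None),
        "wan2_local_id_public": evaluate_uplink(WAN2_PRIVATE_IP, WAN2_NAT_PUBLIC_IP,
                                               WAN2_NAT_PUBLIC_IP),
    }


if __name__ == "__main__":
    for name, (nat, ok) in run_scenarios().items():
        print(f"{name}: nat_detected={nat} accepted={ok}")
```

The point the model makes: NAT detection succeeds in the WAN2 cases either way, so traversal is not what fails; the responder rejects the default ID_IPV4_ADDR identity (the private WAN2 address) and accepts once the identity matches what it was configured to expect. The responder's expected ID here is an assumption standing in for whatever is set on the far end.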