So the VPN Hub has a static IP (VIP) and there will be NAT (SNAT/DNAT) to/from the VIP via a public IP from ISP X. I figure I will need to resolve the unfriendly NAT situation upstream with the static SNAT/DNAT so that works. May have figured this out myself - I will try creating two SNAT/DNAT rules upstream (mapping to the MX VIP), one for ISP A and one for ISP B, with the outside interface specified per ISP, so that when the route fails over to ISP B, the SNAT rule for ISP B will be followed. I just need to make sure I can resolve unfriendly NAT so I don't need to use Manual NAT traversal.