Hello, I’m currently facing an issue I haven’t been able to resolve for several weeks. I have a Meraki vMX deployed in Azure, intended to replace an older MX100. My goal is to route traffic from a branch MX67 through the vMX, which should then provide access to internal resources over an existing IPsec tunnel from Azure to our internal firewall.

Current Setup:
- The vMX is online in the Meraki dashboard.
- From the vMX, I can ping internal resources (e.g., 20.200.30.5).
- The MX67 is configured to use the vMX as a Hub in the Site-to-Site VPN.
- A static route for internal networks is set on the vMX, with VPN enabled.
- An Azure route table is in place: 20.0.0.0/8 is routed to the Virtual Network Gateway (for the IPsec connection to on-prem).
- On Azure, the IPsec tunnel is up between the vMX's VNet and the internal firewall.

Issue:
- Devices behind the MX67 cannot reach internal servers (e.g., 20.200.30.5).
- From a client connected to the MX67, a tracert to 20.200.30.5 stops at the local gateway (20.200.60.129); the traffic doesn’t even reach the vMX.
- The MX67 can ping the vMX's LAN and WAN interfaces (20.200.40.4 and 20.200.55.4), but nothing beyond.

IP Overview:
- vMX WAN: 20.200.55.4
- vMX LAN: 20.200.40.4
- MX67 LAN Gateway: 20.200.60.129
- Internal Server: 20.200.30.5

Is there anything on the MX67 that could prevent VPN-routed traffic from being forwarded to the vMX? Should I adjust anything in Azure routing or the Meraki VPN settings to get this working? Any suggestions or ideas on what to check would be greatly appreciated. Thanks in advance!
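The symptom in the post (tracert dying at the MX67's own LAN gateway) is what a spoke looks like when its longest-prefix lookup for the destination does not land on the AutoVPN next hop, and the same lookup discipline decides the return path inside Azure. The script below is an added example, not the poster's configuration or anything from Meraki or Azure: it builds a constructed model of the topology using the addresses quoted in the post, then walks a packet hop by hop with a longest-prefix match. The route entries, the /24 and /25 prefix lengths, the next-hop labels and the idea that the MX67 route to 20.200.30.0/24 or the Azure return UDR might be absent are all assumptions made for illustration, so the reader can see which table a missing or too-broad entry would have to appear in, not a statement of what is actually misconfigured.

```python
import ipaddress

# Constructed model of the topology described in the post. Addresses are the
# ones quoted there; every route entry, prefix length and next-hop label is an
# assumption made for illustration (not the poster's real configuration).

# Next-hop labels that are not routing tables end the walk.
TERMINAL = {"delivered", "internet", "ipsec-onprem", "blackhole"}


def lookup(table, dst):
    """Longest-prefix match of dst against a list of (prefix, next_hop)."""
    addr = ipaddress.ip_address(dst)
    best = None
    for prefix, next_hop in table:
        net = ipaddress.ip_network(prefix)
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, next_hop)
    return best[1] if best else "blackhole"


def trace(tables, start, dst, max_hops=8):
    """Follow next hops from `start` until a terminal label; return the hop list.
    A walk that never terminates within max_hops is reported as a loop."""
    path, hop = [start], start
    for _ in range(max_hops):
        next_hop = lookup(tables[hop], dst)
        path.append(next_hop)
        if next_hop in TERMINAL:
            return path
        hop = next_hop
    path.append("loop")
    return path


def build_tables(spoke_has_internal_route, azure_has_return_udr):
    """Assemble per-hop tables; the two flags toggle the entries under test."""
    mx67 = [
        ("20.200.60.128/25", "delivered"),   # MX67 LAN (gateway 20.200.60.129)
        ("20.200.40.0/24", "vMX"),           # hub LAN subnet learned over AutoVPN
        ("0.0.0.0/0", "internet"),           # everything else leaves the WAN
    ]
    if spoke_has_internal_route:
        # Hub static route for the internal range advertised to the spoke (assumed /24).
        mx67.append(("20.200.30.0/24", "vMX"))

    vmx = [
        ("20.200.40.0/24", "delivered"),     # vMX LAN subnet
        ("20.200.30.0/24", "azure-subnet"),  # static route with VPN enabled (assumed /24)
        ("20.200.60.128/25", "MX67"),        # spoke LAN reachable over AutoVPN
        ("0.0.0.0/0", "azure-subnet"),
    ]

    # Azure UDR applied to the vMX subnet and GatewaySubnet (assumed shared).
    azure_subnet = [
        ("20.0.0.0/8", "vnet-gateway"),      # from the post: 20.0.0.0/8 -> VNG
        ("0.0.0.0/0", "internet"),
    ]
    if azure_has_return_udr:
        # More specific than 20.0.0.0/8, so spoke-bound traffic goes to the vMX NIC.
        azure_subnet.append(("20.200.60.128/25", "vMX"))

    vnet_gateway = [
        ("20.200.30.0/24", "ipsec-onprem"),  # tunnel traffic selector (assumed)
        ("20.200.60.128/25", "azure-subnet"),  # return traffic arriving from on-prem
    ]
    return {"MX67": mx67, "vMX": vmx, "azure-subnet": azure_subnet,
            "vnet-gateway": vnet_gateway}


def forward_path(spoke_has_internal_route):
    """Client behind the MX67 sending to the internal server 20.200.30.5."""
    tables = build_tables(spoke_has_internal_route, azure_has_return_udr=True)
    return trace(tables, "MX67", "20.200.30.5")


def return_path(azure_has_return_udr):
    """Reply from on-prem entering the VNet via the gateway, bound for a spoke client."""
    tables = build_tables(True, azure_has_return_udr)
    return trace(tables, "vnet-gateway", "20.200.60.130")


if __name__ == "__main__":
    print("spoke lacks internal route :", " -> ".join(forward_path(False)))
    print("spoke has internal route   :", " -> ".join(forward_path(True)))
    print("Azure return UDR present   :", " -> ".join(return_path(True)))
    print("Azure return UDR missing   :", " -> ".join(return_path(False)))
```

Two things the walk makes visible: without a spoke-side entry for the internal range, the MX67 resolves 20.200.30.5 to its default route and the packet leaves the WAN rather than the AutoVPN tunnel, which matches a trace that never reaches the vMX; and on the Azure side, a single 20.0.0.0/8 entry pointing at the gateway also captures the spoke's own 20.200.60.128/25, so return traffic needs a more specific UDR toward the vMX or it bounces between the gateway and the subnet. Which of these, if either, applies to the real deployment is for the dashboard and the Azure effective-routes view to confirm.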