I have the same situation, with the difference that I don't have dedicated Internet connectivity in my branches; everything goes out over the VPLS link. I wasn't aware that the MXs NAT until I tried to replace an old 1841 with an MX68. If I put one MX in my main site as a one-legged VPN concentrator, and in my branch have the MX Internet port connect to the private WAN and establish a site-to-site with the main site, does that send the packets untranslated to the main site?