Why does this seem backwards? ... View more

Probably someone can point out the differences/advantages when using NO NAT on a WAN-Interface... for example: will statistics, content filtering, etc. may also work with it? ... View more

@PhilipDAth    I have a similar scenario but the MX would be in front of just one of my spokes and not the hub.  We have a site where an MX is being put in place but the router at the site is a DMVPN spoke.  The MX is simply being put there as a firewall/security appliance but it would be in front of the DMVPN.  Can this be done? ... View more

No, VLAN300 should be layer 2 only. ... View more

@benny I just setup an MX84 behind an ASA and in front of a layer 3 switch.  I used the 15.4 firmware as well and from my experience the MX isn't quite a layer 3 device even with the new firmware.  For the MX to work and pass all traffic from WAN to LAN, you'll need to utilize static routes to the layer 3 device that all of your clients site behind.  So as an example you would have a 66.10.10.1/30 and that goes to your WAN with the gateway being the next hope router.  Then you have a 11.11.11.1/30 on the MX and that goes to your layer 3 switch.  The switch should have a default route of the MX address (11.11.11.1).  This way the WAN and LAN are separate and the MX is able to route traffic to the LAN by using the 11.11.11.x subnet.  As I said, the MX isn't quite a layer 3 device so it takes a bit of engineering to get it to work like you want. ... View more