It can't go out through the MX at HQ if the MX WAN port is connected to the MPLS, you'd need it to be a LAN port. However if it is a LAN port then Auto-VPN cannot form as that needs to be WAN port to WAN port. Therefore you either need an MPLS with internet (this could be provided by having the MPLS terminated on an HQ L3 switch, the WAN port of the MX connected there along with another device that presents internet access to the MPLS) or you need the HQ MX in concentrator mode.
... View more
