I have done this many times and it works fine. I have even done this in DC deployments. I tend to use NAT mode even for AutoVPN hubs. I use the primary WAN ports plugged into the DC Internet circuit, and then the secondary WAN port into a separate consumer grade Internet circuit (albeit I try to get the nicest consumer grade circuit I can). When you eventually have a catastrophic DC failure (and you will eventually, no matter how bulletproof the design is [ps. humans are the biggest danger]) it is very useful being able to see if the DC MXs are still up, and to be able to do pings from them.

I have only had one customer actually use this DC approach in anger. They have two geographically separated DCs and had the improbable event of a partial power failure affecting both sites at the same time (a full power failure at one DC would have probably saved them, but alas not so lucky). The power failure didn't take out everything but did take out their primary Internet feed across the two sites. The actual compute farm and core switching remained up enough to be functional (although somewhat wounded).

In their case the remote AutoVPN sites failed over to the consumer Internet circuit and, although they suffered a performance hit, their core business application kept working, allowing everyone else to run around like headless chickens trying to get their Internet presence back online (some exaggeration there). So that extra $100 per month prevented the entire company coming to a standstill.