It is recommended to use Meraki-to-Meraki for simplicity and SD-WAN functionality. If you have multiple ISPs at the remote site or in the Azure cloud, we can do active-active or active-passive depending on the setup. I would need to check on Azure, but with Amazon we do support NAT mode with a tweak on the backend; however, this is not recommended and I am not sure why you would do this in your design. The pricing of full tunnel hairpinning your data through any cloud-hosted DC can get very expensive. To answer your question: yes, your setup would work, as far as I understand your question. You would have the Azure vMX configured as a Hub, and the remote sites would be configured as spokes without clicking the vMX-Azure as the default route, which would put all of the remote sites in split tunnel mode. Only traffic destined for the vMX Azure subnets would be routed over the VPN tunnel to the DC.