Hi Cole, I have been running a HA pair MX250 in the VPN concentrator mode behind a Palo Alto firewall for a year now and it has been working fine even with the unfriendly NAT error. I think it is because the Meraki sets up the auto VPN with outbound traffic to the cloud. Support sometimes gets hung up on it, but it works. One thing to note is if you are using PBF rules on the Palo Alto for ISP fail over, I've found that the Palo Alto will not clear the Meraki IPsec sessions when failing to the backup ISP (or failing back to the primary). In order to get the Meraki VPN to fail over you have to either clear the Palo Alto IPsec sessions, or restart the Meraki to re-establish the IPsec tunnels.
... View more