Thanks Bruce for the advice. I've seen that link before. The point with that scheme (the one here https://documentation.meraki.com/MX/Site-to-site_VPN/Configuring_Site-to-site_VPN_over_MPLS ) is that it assumes I can set the MX's default route to point to the Cisco MPLS router of the picture. Currently, this Cisco MPLS router belongs to the customer, but it is EoSupport. We are trying to replace that MPLS Cisco router with the MX, while also taking advantage of SD-WAN capabilities. Currently, with that Cisco router acting as an MPLS router we have GRE + OSPF + a default route injected via OSPF from the HQ to the branch, and machines in the branch are able to reach Internet (centralized at the HQ) through the MPLS network, but via the overlay GRE tunnel. Removing that Cisco MPLS router from the picture would let just the MX directly receiving the MPLS links (this is what we are evaluating). Under this setup, I think that pointing a default route to the MPLS PE router (not belonging to the customer) will blackhole the traffic with destination to the Internet. The actual MPLS links do not include routing to the Internet. Here is where I ask for alternatives. Is it possible the scheme we are evaluating? MX receiving the MPLS links directly? As far as I know MXs do not support GRE, such that we could collapse what the actual Cisco MPLS router is doing into the MX and do SD-WAN at the same time. Or do you think we would require two devices, a new MPLS router (Customer managed), and the MX behind it?. Thanks,
... View more