@MKS1 the suggestions above will work. We have been running pretty much the exact same setup as you want for the last couple of years. The only difference being we have two HA pairs of firewalls terminating client and 3rd party site to site VPNs with the MX pair in single armed mode behind. One of the edge pairs are ASAs and when connecting the MXs it just worked once we allowed the prescribed ports out to allow connection to the Meraki cloud.
... View more