I switched the vMX to Routed Mode, this got the Client VPN on the vMX working as desired but, caused an issue with the onsite MX where it lost connectivity to Azure subnets through the Auto-VPN, this is because the routed MX can only be configured with a single LAN, so it was only allowing the default LAN and Client VPN pool to be shared over the VPN. I could partially fix this by setting the vMX as the IPv4 default route, but then this caused issues with non-Meraki VPNs, it would also cause excessive Azure egress traffic which would have associated costs. After a long call to support going through various things, I have set the device back to Passthrough mode now. Apart from not being able to use full-tunnel for VPN clients, everything else seems to work on the MX and vMX. Looking through posts in various forums it sounds like another device would be needed to do the NAT for internet access.
... View more