TGW for connecting one vendor VPC makes the solution expensive as TGW charges are high and there wont be any other VPC. Transit VPC with two vMX and VGW to connect third-party vendor via IPsec wont work? Most likely the third-party vendor wont do any vpc peering.   ... View more

Hi   Thanks for the response. So you are suggesting to put both vMX in one region but in different availability zone and connects to third-party vendor VPC over vpc peering or VGW IPsec.  I am the customer and all my sites connect to my vMX in my VPC but there is a third-party vendor VPC who host a resource which needs to be access by all on-prem spokes and that third-party wont allow to put vMX in there VPC which I why I am thinking to use VPC Peering or  VGW IPsec. What you think is it going to work? The only thing different here is two VPC.  Thanks Vinod ... View more

Hi   I have a customer AWS VPC hosting a resources needs to access by spoke site which is going to have Meraki MX devices.  To provide regional HA, if I create two VPC each is different region under my AWS account and connect those VPC to customer VPC either via VPC peering or IPsec via VGW to learn there side subnet and advertise over each vMX AutoVPN , do you think it’s possible? Instead of vpc peering I think IPsec with VGW between VPC makes routing preference easy if I can BGP over it so my spokes treat one of vMX as primary Hub and when traffic reaches to customer VPC over VGW IPsec, in return traffic traffic also follow same path and not revet reply to secondary vMX. I also could not find any AWS load balancer can make this easy at regional level traffic steering between VPC. Appreciate any advise.   Thanks ... View more