I have an MX84 acting as a VPN concentrator and will be deploying several remote sites that will communicate back to our core network using the SD-WAN. I was able to set up OSPF and I can see type 5 LSAs being advertised into the VPN concentrator, but I do not see any of the routes in the VPN concentrator. I am trying to set up split tunnel so that all sites can communicate with the core management network and get to LDAP and DNS etc. We use Office 365 extensively and this invariably requires split tunneling so that it can go out the local internet connection or it breaks stuff. I have also tried to set up static routes that point to the VPN concentrator to get around the OSPF issue, which is in the routing table of the spokes, but it complains that it does not know about that device and cannot set up that static route. Static routes are not viable either, as there will be some sites that would need hundreds of static routes if I cannot advertise these routes into the SD-WAN environment. There must be a workaround that I am missing; something this basic cannot possibly be missing from the configuration of these devices. Is there a different device that I should be using for the VPN concentrator that has the ability to route correctly?