Sorry - there are 2 ways to set up a VPN to AWS with a Meraki. Both must be Static as Meraki does not support BGP for Dynamic.

1. Create a Virtual Private Gateway and a Site to Site VPN Connection.
2. Create a Transit Gateway, then create a Transit Gateway Attachment of type VPN.

I use option 2 due to our many VPCs and accounts. It's just easier to route in and out of a TGW from a VPN than to route through a VPC when you're dealing with other accounts. Either way, you'll need a static route table since the Meraki does not support BGP. So, with option 1, you'll add your static routes to the VPN static route table. With option 2 you will create a TGW Route Table, associate it to your VPN Attachment, and add the static routes there. Either way, you'll need routes defined in the VPN to point to networks on the other side of the Meraki and on the AWS VPC side.

The Public IP on the AWS side is listed in the Configuration Download option for Meraki (as is the public key and such). The Public IP for the Meraki that you would enter on the AWS VPN side for your customer gateway is Security & SD-WAN > Appliance Status > Uplink (tab) > General Public IP.
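The TGW variant described above (option 2), written out as an added Terraform example; this is not code from the post, Meraki or AWS. The IP, CIDRs, VPC and subnet ids are constructed placeholders, and the tunnel endpoints and pre-shared keys you would paste into the Meraki are emitted by the `aws_vpn_connection` resource (the `tunnel1_preshared_key` attribute is sensitive, so the Terraform state that holds it needs the same protection as any other secret store).

```hcl
# Added example (not the post's own config): Meraki MX -> AWS via Transit Gateway
# with a VPN attachment and static routes, because the MX cannot run BGP.
locals {
  meraki_public_ip = "203.0.113.10"            # placeholder: Appliance Status > Uplink > Public IP
  meraki_lan_cidr  = "10.50.0.0/16"            # placeholder: networks behind the MX
  vpc_id           = "vpc-0123456789abcdef0"   # placeholder
  vpc_cidr         = "10.10.0.0/16"            # placeholder
  tgw_subnet_ids   = ["subnet-0aaaaaaaaaaaaaaaa"]  # placeholder: one subnet per AZ for the TGW ENIs
}
# Customer gateway = the Meraki. bgp_asn is mandatory in the API even for a
# static-route VPN; the MX never speaks BGP, so the value is never used.
resource "aws_customer_gateway" "meraki" {
  bgp_asn    = 65000
  ip_address = local.meraki_public_ip
  type       = "ipsec.1"
}
# Disable default association/propagation so nothing lands in a shared default
# table by accident; every attachment is placed in an explicit route table.
resource "aws_ec2_transit_gateway" "hub" {
  default_route_table_association = "disable"
  default_route_table_propagation = "disable"
}
# The VPN attachment. static_routes_only = true is what the post means by "Static".
resource "aws_vpn_connection" "meraki" {
  customer_gateway_id = aws_customer_gateway.meraki.id
  transit_gateway_id  = aws_ec2_transit_gateway.hub.id
  type                = "ipsec.1"
  static_routes_only  = true
}
resource "aws_ec2_transit_gateway_vpc_attachment" "workload" {
  subnet_ids         = local.tgw_subnet_ids
  transit_gateway_id = aws_ec2_transit_gateway.hub.id
  vpc_id             = local.vpc_id
}
# One TGW route table, associated with both attachments.
resource "aws_ec2_transit_gateway_route_table" "branch" {
  transit_gateway_id = aws_ec2_transit_gateway.hub.id
}
resource "aws_ec2_transit_gateway_route_table_association" "assoc" {
  for_each = {
    vpn = aws_vpn_connection.meraki.transit_gateway_attachment_id
    vpc = aws_ec2_transit_gateway_vpc_attachment.workload.id
  }
  transit_gateway_attachment_id  = each.value
  transit_gateway_route_table_id = aws_ec2_transit_gateway_route_table.branch.id
}
# Static routes: Meraki LAN -> VPN attachment, VPC CIDR -> VPC attachment.
resource "aws_ec2_transit_gateway_route" "static" {
  for_each = {
    (local.meraki_lan_cidr) = aws_vpn_connection.meraki.transit_gateway_attachment_id
    (local.vpc_cidr)        = aws_ec2_transit_gateway_vpc_attachment.workload.id
  }
  destination_cidr_block         = each.key
  transit_gateway_attachment_id  = each.value
  transit_gateway_route_table_id = aws_ec2_transit_gateway_route_table.branch.id
}
```

The VPC's own route table still needs a route for `local.meraki_lan_cidr` pointing at the TGW (an `aws_route` with `transit_gateway_id`), and the subnet security groups must allow the Meraki-side ranges; the TGW routes alone do not open anything.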
1. Yes, the MX will send the traffic to the default gateway configured for the WAN port, nothing else to do here - it will contact the registry.
2. The branch MX will need a connection to the internet. This could either be from your carriage provider with a NATed solution out of the MPLS WAN, or by using a VPN concentrator setup at the head-end so that non-VPN traffic from the branch MX can go via the data centre and via another firewall/NAT to the internet.
3. If you have the branch MX configured to build VPN tunnels on both ports then it will try to build all the tunnels it can. Normally, however, there isn't a path between the Internet and MPLS network that the tunnel can be established on, and so you only get MPLS to MPLS and Internet to Internet.