Hi everyone.  We are in the process of rolling out Meraki AP's in all of our locations.  We have WAN connectivity between all sites on the 10.0.0.0/8 network.  We purchased a pair of MX-450's to be VPN concentrators at one of our sites.  The goal is to do SSID tunneling for our Guest wireless network.  Ideally, we want to tunnel the traffic to the firewalls, then egress directly out to the internet from the MX450's.  Initially, based on the documentation, I had thought that we had to deploy the firewalls in a One-Armed Concentrator mode.  Now I'm reading that we can do a Routed Mode Concentrator deployment, which was good news for us, as we do not want to have to add any additional infrastructure to make this work.  The question now, for us, is how the tunnels are built.  Ideally, the tunnels between the AP's and the firewalls will be established between the private 10.x.x.x ip addresses of the AP's and the Firewall's LAN interface.  But nobody from Meraki Sales or Support has been able to answer that question.   https://documentation.meraki.com/MX/Deployment_Guides/VPN_Concentrator_Deployment_Guide#Deploying_a_Routed_mode_concentrator      ... View more