Hi, I'm working on a design for a customer and they want to place 2* Vmx in AWS and terminate the VPN tunnels of +/-120 remote sites on these Vmx's. => The Vmx will be used as a hub => In the branches there will be small MX appliances working in NAT mode Traffic from a spoke should follow the path: - Traffic from spoke will be encrypted in autovpn tunnel and routed to the highest priority Vmx. If the Vmx Hub would fail then it puts the traffic towards the 2nd Vmx Hub. - Traffic will be decrypted in the hub VMx and should be routed towards a connected (virtual) MPLS router - From the MPLS router it will be forwarded into the MPLS cloud to one of their DC's I understood from the documentation that the Vmx can only work in VPN concentrator mode ( L2 bridging), and with this mode routing is disabled. => This means that the Vmx will not known about the routes behind the virtual MPLS router and I think he will drop the traffic. In my (humble) opinion the Vmx is not made for this setup, in the VPN concentrator mode the Vmx can reach the local attached subnets but it can route traffic to another router. Am I correct in this ? Or is there another solution with the Vmx ? Another problem is that the return traffic should be able to reach the correct Vmx otherwise there is a risk that the traffic is routed over autovpn tunnel 1 ( with Vmx Hub1) and the return traffic from the DC will come on Vmx Hub2 => I don't know how the Vmx will react on assymetric traffic. Did anybody have a setup like this ? gr wim
... View more