Hi, we have a client with 50 sites with an mx67 at each site in routed mode. There are two vMX-M appliances located in their Azure hub, configured in VPN concentrator Mode, sitting behind firewall NVAs in the Azure hub. The vMX-M appliances are the Hub and the 50 sites are configured as spokes. All servers are located in Azure so considered as the Data Center in the design. AutoVPN is configured and sites do not full tunnel to allow for local break-out at the 50 sites. Now, if we introduce Secure Connect, I understand all site traffic now routes via Secure Connect. What happens at the current Hub in the design above? Will we have to change anything on the vMX-M appliances? Do the vMX have to change to Routed mode? Will the vMX appliances now be seen as a spoke? What sort of latency will be introduced on top of the current latency seen in the AutoVPN config? Does the Essentials licensing allow for traffic steering at the remote sites? For example, to exclude certain traffic from being routed via Secure Connect? (Meraki licensing is Advanced Security) Thanks in-advance.
... View more