Hate to ressurect a dead post, but I believe I am having a similar issue and am in a similar design as the OP except instead of MPLS, it's to our azure enviorment via s2s vpn. Azure hosts vmanage vsmart and vbond, which each have a public IP as well...
