1:many NAT on MX-100 is not usable for zoom connector or barracuda spam firewall

L4d1k

I have discovered that the 1:many Meraki NAT implementation will always send outgoing traffic on the primary public IP instead of the IP assigned to the 1:many NAT rule.

I have spent hours trying to find out why I am not able to use these two NAT services:

1. Zoom Meeting Connector, which should be possible to configure using 1:many NAT, but unfortunately not on a Meraki MX-100 device:

https://support.zoom.us/hc/en-us/articles/204898919-Configure-Meeting-Connector-Controller-Port-Forw...

The solution to this is not to use a 1:many NAT rule and to use 1:1 NAT instead; unfortunately, this will require two public IPs, or more if you add other Zoom on-premise services.

2. Barracuda spam firewall and Exchange server.

I decided to offload some traffic from the Barracuda firewall for traffic which is not related to spam checking and use the built-in 1:many NAT instead of 1:1 on the MX-100.

This resulted in outbound email being sent using the primary IP instead of the assigned 1:many NAT.

This will result in SPF verification failing and outgoing email being rejected by outside servers.

Had to revert back to 1:1 NAT and deal with occasional overload on the Barracuda firewall due to web traffic.

Maybe this post will save someone else time.

I am not looking for a solution.

The only solution which would work for me is if Meraki 1:many NAT would work as I expect it to and would keep the assigned traffic on the public IP I assigned it to.

cheers

 
