Showing results for 
Show  only  | Search instead for 
Did you mean: 

1:many NAT on MX-100 is not usable for zoom connector or barracuda spam firewall

Here to help

1:many NAT on MX-100 is not usable for zoom connector or barracuda spam firewall

I have discovered that the 1:many meraki NAT implementation will always send outgoing traffic on the primary public IP instead of the IP assigned to the 1:many NAT rule.


I have spend hours on trying to find out why I am not able to use these two NAT services:


1. zoom meeting connector which should  be  possible to configured using 1:many NAT unfortunately not on meraki MX-100 device:

The solution to this is not to use 1:many NAT rule and use 1:1 NAT unfortunately this will require two public IPs or more if you add other zoom on-premise services.


2. barracuda spam firewall and exchange server.

I decided to offload some traffic from the barracuda firewall for traffic which is not related to SPAM checking and use the build in 1:many NAT instead of 1:1 on the MX-100.

This resulted in outbound email be send using the primary IP instead of the assigned 1:many NAT

This will result in SPF verification to fail and outgoing email be rejected from outside servers.

Had to revert back to 1:1 NAT and deal with occasional overload on barracuda firewall due to web traffic.


Maybe this post will save someone else time.

I am not looking for solution.

The only solution which would work for me if meraki 1:many NAT would work as I expect it and would keep the assigned traffic to use the public IP I assigned it to.




Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.