I have discovered that the 1:many meraki NAT implementation will always send outgoing traffic on the primary public IP instead of the IP assigned to the 1:many NAT rule.
I have spend hours on trying to find out why I am not able to use these two NAT services:
1. zoom meeting connector which should be possible to configured using 1:many NAT unfortunately not on meraki MX-100 device:
The solution to this is not to use 1:many NAT rule and use 1:1 NAT unfortunately this will require two public IPs or more if you add other zoom on-premise services.
2. barracuda spam firewall and exchange server.
I decided to offload some traffic from the barracuda firewall for traffic which is not related to SPAM checking and use the build in 1:many NAT instead of 1:1 on the MX-100.
This resulted in outbound email be send using the primary IP instead of the assigned 1:many NAT
This will result in SPF verification to fail and outgoing email be rejected from outside servers.
Had to revert back to 1:1 NAT and deal with occasional overload on barracuda firewall due to web traffic.
Maybe this post will save someone else time.
I am not looking for solution.
The only solution which would work for me if meraki 1:many NAT would work as I expect it and would keep the assigned traffic to use the public IP I assigned it to.
View all community news »