Unfortunately, it is only possible to populate one public IP and port. When manual NAT traversal is set, both WAN1 and WAN2 will use the same port. Even when it is set to manual, the uplinks will still contact the VPN registry. The spokes will try all of the IP addresses they know about: the manual IP, the private IP of the uplink, and the IPs that it contacts the VPN registry with.
So in this case, I would recommend putting in the IP of WAN2 as it's behind the unfriendly NAT. The spoke will learn about the WAN1 public IP address from the VPN registry connection. If possible, a port forward on the upstream NAT of WAN2 for the UDP port you choose will help the spokes create a tunnel to the MX.