Hello @RoshanS
Thanks for the answer
In our case, the MX has a private IP on it's WAN interface, it is connected by a dedicated LAN to an ISP router that carries the public IP. We have no inside NAT/dNAT rules on the ISP router, only sNAT that permit the hub to reach the Meraki cloud.
We've tried to dNAT the ike trafic 500/4500 on the ISP router to the Meraki WAN IP (so a private IP), and it doesn't work. We have no logs on Meraki side and the traces on the ISP router shows no responses for the Meraki, like it drops the packets.
(Also I read somewhere - couldn't find where - that this is not a good practice to configure the ISP router as a bridge and make the Meraki carry the public IPs directly.)
Thanks