I think I can help with that clarification too 🙂 The MX can only have NAT rules that are based on the destination IP address of a given flow. Note that I said 'flow' and not 'packet', because obviously the source IP address field in a _response_ packet is NAT'd, but you can never create a rule that intentionally modifies the source IP for a flow. If you're clever enough there are actually ways to write rules to make this happen for very specific use cases, but I would suggest these configs are bad practice as they are not intuitive and really just taking advantage of side effects of certain configurations. You would be running the risk of no one else understanding your config, and perhaps even Meraki breaking the functionality in future updates as it's not technically supported 🙂
... View more
