1:many NAT on MX-100 not usable for zoom connector or barracuda spam firewall
I have discovered that the 1:many meraki NAT implementation will always send outgoing traffic on the primary public IP instead of the IP assigned to the 1:many NAT rule.
I have spend hours on trying to find out why I am not able to use these two NAT services:
- zoom meeting connector which should be possible to configured using 1:many NAT unfortunately not on meraki MX-100 device:
https://support.zoom.us/hc/en-us/articles/204898919-Configure-Meeting-Connector-Controller-Port-Forwarding
The solution to this is not to use 1:many NAT rule and use 1:1 NAT unfortunately this will require two public IPs or more if you add other zoom on-premise services.
- barracuda spam firewall and exchange server.
I decided to offload some traffic from the barracuda firewall for traffic which is not related to SPAM checking and use the build in 1:many NAT instead of 1:1 on the MX-100.
This resulted in outbound email be send using the primary IP instead of the assigned 1:many NAT
This will result in SPF verification to fail and outgoing email be rejected from outside servers.
Had to revert back to 1:1 NAT and deal with occasional overload on barracuda firewall due to web traffic.
cheers
High Density WiFi Deployment