The main question is whether it is possible to have a Mikrotik with only a single IP and single interface act as a router without replacing the source MAC addresses with its own MAC address when forwarding traffic on. See below for an explanation of why.
So I have a firewall router as my WAN device that has the option of tracking clients by IP address or by MAC address. It is a Cisco Meraki for anyone that may feel it necessary to know. We have a Mikrotik acting as our internal router on the same subnet as the LAN interface of the Meraki. The Mikrotik not only acts as a VPN endpoint for various reasons, but it also handles some NAT rules that the Meraki cannot do. As such, the Mikrotik is the default gateway for the overall subnet, with the Meraki being the Mikrotik's default gateway. Because the Mikrotik replaces the source MAC address of outbound traffic with its own, the Meraki must track clients via IP address.
This was all well and good until we were asked to add Meraki Access Points to the network. In order for them to be inside the same Meraki network as the firewall, the firewall must track clients by MAC address. I could put the APs in a separate Meraki network, but that's not quite the point of asking this question. I prefer to track by MAC address anyway.
So is there a way to not replace the MAC address? This would of course cause asymmetric routing, in that the connection outbound would go through the Mikrotik AND the Meraki, but inbound would skip the Mikrotik. What issues might that cause from the Mikrotik side, if any?
Thanks for the assistance in advance. I've been working with Mikrotiks for years, and I only ever seem to post with very convoluted problems.