Using NAT gateway and windows activation

I am trying to setup NAT gateway on GCE. I've started Debian and used instruction as they are here to configure it as NAT and I've executed commands below...

sudo sysctl -w net.ipv4.ip_forward=1

sudo iptables -t nat -A POSTROUTING -o -j MASQUERADE

I've started windows server instance with needed tags and if I check public IP on windows instance, it is the public IP of Debian server. Even if I try to open any website on windows server, works as it should.

But things get tricky, when windows tries to active during boot or even if I try to active them manually after boot. I also have issue with windows update installation when using NAT gateway. If I start windows server without NAT, everything works ok...

This is the error from server console for activation with nat...

02/11/2017 15:25:26 Activating Windows(R), ServerDatacenter edition (21t12779-b119-4t67-ad76-eece0e1ad74b) ... 02/11/2017 15:25:26 Error: 0xC004F074 The Software Licensing Service reported that the computer could not be activated. No Key Management Service (KMS) could be contacted. Please see the Application Event Log for additional information.

Any hints what could be the issue...?

Best regards, Matjaz

Looks like it can't be done...

https://cloud.google.com/compute/docs/instances/windows/getting-support-for-windows-instances

Windows images cannot activate without a network connection to kms.windows.googlecloud.com, and stop functioning if they do not authenticate within 30 days. Create an external IP for your Windows instances so they can authenticate.

Just out of curiosity I've setup external IP for server behind nat and setup routing for kms server IP to go through default internet gateway but no success...