Destination NAT on vEdge from public to private

Requirement: need to allow access from the internet to a server in the LAN network.

Public users should reach the transport VPN on the vEdge and NAT to a private IP to reach the service-side VPN.

Here the requirement is to do destination NAT.

 

All Cisco documents point to source static NAT for traffic that is from external.

2 Replies

inderdeeps
Level 4

To allow requests from the external network to reach internal network devices, you configure the vEdge router that sits at the edge of the internal network to be a NAT gateway that performs NAT port forwarding (also called port mapping). You can also create pools of internal network addresses and dynamically or statically map them to other addresses. Have a look at the link below:

Cisco SD-WAN Configuration Guide for Cisco IOS XE SD-WAN Release 16.9.x and Cisco SD-WAN Release 18.3.x 

 

Regards

Inderdeep Singh
www.thenetworkdna.com

 

osdesent
Cisco Employee

Do you have the controllers on-prem or in the cloud? 

 

On the other hand, in order to establish communication from the public internet towards your LAN leveraging the SD-WAN fabric, you need to allow some flows and ports in your firewall or internet gateway. PAT is also an option.

https://www.cisco.com/c/en/us/td/docs/routers/sdwan/configuration/sdwan-xe-gs-book/cisco-sd-wan-overlay-network-bringup.html#c_Firewall_Ports_for_Viptela_Deployments_8690.xml

 

Finally, you just need to assign the appropriate colors to your edges, as vBond will know and correlate the private and public IP of the edge and will let the other edges know in order to establish the data plane.

 

Regards 

Oscar Desentis
Customer Success Specialist (SD-WAN)