
Different NAT outside interfaces for different service VPNs

dijix1990
VIP Alumni

Can I send traffic from different service VPNs through different outside interfaces in VPN 0?

For example

VPN 0
Ge1
ip address 1.1.1.1 255.255.255.0

Ge2
ip address 2.2.2.1 255.255.255.0

VPN 1
Ge3
ip address 192.168.100.1 255.255.255.0

VPN 2 
Ge4
ip address 192.168.100.1 255.255.255.0

vpn1 goes to nat dia through Ge1 (1.1.1.1/24)

vpn2 goes to nat dia through Ge2 (2.2.2.1/24)

Accepted Solutions

Hi,

Yes, you can do it with a centralized data policy. Within two different "traffic rules/traffic data" policies (central data policy), match the respective traffic pattern and, as the action, choose both of the following options: NAT VPN and Local-tloc. Local-tloc will be the tunnel TLOC color of the outside transport interface (which is in VPN0). You need two "traffic rules/traffic data" policies, because they will be applied to 2 different VPNs (from service to tunnel side).

https://www.cisco.com/c/dam/en/us/td/docs/solutions/CVD/SDWAN/sdwan-dia-deploy-2020aug.pdf

See page 24, the "SD-WAN Single-Router Dual Internet Remote-Site Design" section. By the way, the document has the information below:

Technical Tip: On IOS XE SD-WAN routers, the traffic can be forwarded to the NAT interfaces based on ECMP, as path preference is not yet supported on these router platforms.

However, I've checked that it works in the new IOS XE version. I tested on C8000V version 17.9.1.

HTH,
Please rate and mark as an accepted solution if you have found any of the information provided useful.
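
The policy described in the answer above, sketched in vSmart CLI form as one data-policy with a vpn-list block per service VPN. This is an added example, not configuration from the thread or from the Cisco guide: the list names, site-id and the TLOC colors (biz-internet on Ge1, public-internet on Ge2) are assumptions.

```text
! Added example. Assumed values: site-id 100, list and policy names,
! Ge1 tunnel color = biz-internet, Ge2 tunnel color = public-internet.
! Some releases render the TLOC action as a local-tloc-list block instead.
policy
 lists
  site-list BRANCH-DUAL-INET
   site-id 100
  !
  vpn-list VPN1
   vpn 1
  !
  vpn-list VPN2
   vpn 2
  !
 !
 data-policy DIA-PER-VPN
  ! VPN 1: NAT into VPN 0 and pin to the Ge1 TLOC color
  vpn-list VPN1
   sequence 10
    match
     source-ip 192.168.100.0/24
    !
    action accept
     nat use-vpn 0
     set
      local-tloc color biz-internet
     !
    !
   !
   default-action accept
  !
  ! VPN 2: same prefix in a different VPN, pinned to the Ge2 TLOC color
  vpn-list VPN2
   sequence 10
    match
     source-ip 192.168.100.0/24
    !
    action accept
     nat use-vpn 0
     set
      local-tloc color public-internet
     !
    !
   !
   default-action accept
  !
 !
!
apply-policy
 site-list BRANCH-DUAL-INET
  data-policy DIA-PER-VPN from-service
```

NAT must also be enabled on both VPN 0 transport interfaces for `nat use-vpn 0` to take effect. The match shown sends all traffic from the prefix to DIA, so narrow it if some of that traffic should stay on the overlay.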


2 Replies


Thanks very much.