08-29-2020 08:28 PM - edited 08-29-2020 08:29 PM
I would like to use Internet directly exit from my ISR1K SD-WAN routers otherwise enabling DIA on this routes.I can’t enable NAT on SVI interface which is using as service VPN. How can I do it?
09-08-2020 12:02 AM
you should be configure DIA in vManage, See below link
https://www.cisco.com/c/dam/en/us/td/docs/solutions/CVD/SDWAN/sdwan-dia-deploy-2020aug.pdf
09-08-2020 01:20 PM
To relate to your case, I had to deploy a ISR1100 to a small site with 1 ISP. Usually I have ISR4331/4351's. So my example is DIA with 1 ISP, but you can replicate the steps to add more ISPs if you wanted.
SO, in your Transport VPN aka VPN0 "Cisco VPN" template, make sure you add an IPv4 Route for the one ISP with the following:
"Prefix" as 0.0.0.0/0 (Match All Traffic)
"Gateway" as Next Hop
"Selected Gateway Configuration" as ISP Gateway IP
Add your ISP "Cisco VPN Interface Ethernet" Template and add the following:
"NAT" as On
"NAT Type" as "Interface"
In your Service VPN aka VPN 1-511, 513-65530 "Cisco VPN" template, make sure you add an IPv4 Route with the following:
"Prefix" as 0.0.0.0/0 (Match All Traffic from Service VPN)
"Gateway" as VPN
"Enable VPN" as On
I hope this makes sense. Also, depends on how you're connected on your LAN/Service side, you should have your "Switchport" and "VPN Interface SVI" templates attached as well. Let me know if you need help with this.
**Remember to "mark as solution" if this worked for you**
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide