Local Internet Breakout without NAT

Ronald Lopez · ‎02-17-2020

Trying to find a way to do local internet breakout on the vEdge or cEdge but without using NAT. Meaning this will be connected to a firewall; which acts as the local ISP, and then the FW will be doing the NAT. All documentation I've seen on Cisco show only how to do it when the Edge device is doing the NAT. If anyone can point me to the right direction will gladly appreciate it. Thanks in advance!!

gilbert.aispuro1 · ‎02-17-2020

Well, it depends on where this FW is. Do you mind providing a diagram?

If it's local with the router, you can peer via OSPF with the FW and set a default route to it.

Ronald Lopez · ‎02-17-2020

Gilbert,

I've attached a simple topology, I forgot to mention that will be getting default route from DC via MPLS as a way for to backhaul in case INET goes down. In regards of the default route one is already created when doing the transport VPN toward INET and for MPLS and well for INET default route toward the FW will be there on VPN0.

gilbert.aispuro1 · ‎02-17-2020

I forgot to mention that will be getting default route from DC via MPLS as a way for to backhaul in case INET goes down.

- Do you have a probe on this MPLS route as less preferred than the OSPF/OMP FW route?

All in all, as long as you peer via OSPF with the FW, Add a default route to it, and make sure the FW is NAT'ing those networks coming in, then you should be good to go.

I did this exact same thing. I had MPLS at all my sites that I swapped out for SD-WAN and this is what I did.

TahirAli12881 · ‎06-11-2023

Hi. Did you figure this out? How did you solve this?