- Service VPN connects to a LAN with a prefix which is routable on underlay network (say MPLS VPN)
- NAT on VPN0 uplink interface (facing MPLS) is not enabled
- eBGP peering is established over uplink and exchanging routes properly
I tested a centralized control-policy as shown below and applied it, and did not see routes imported from vpn1 to vpn0.
vsmart1# show running-config policy
export-to vpn-list vpn0
The above config is referenced by https://sdwan-docs.cisco.com/Product_Documentation/Software_Features/Release_18.3/04Segmentation/03Segmentation_(VPN)_Configuration_Examples.
Question: Am I missing anything? Or is route leaking between VPN 0 and the service VPN supported without NAT enabled on the uplink?
Old response, but you can NAT on the transport interface, then use a centralised policy which matches the source -> destination prefixes you want to route out to global and sets the action to route to the NAT VPN. Ensure you have a route at your site, like a default, to get to the vEdge; the rest of the routing should take care of itself with the PAT NAT.
You can use this document:
route-import and route-export commands under non-0 VPN config
For cEdge you can use this document: