SD-WAN NAT

 

Hello All, 

We run BGP over the IPsec tunnel, so we need to create a PAT to translate the incoming IPs from FW 1 to the loopback interface to communicate with the other subnet in firewall 2 via the loopback interface.

So I need to know how to configure it on the SD-WAN.

Note: the 2 IPsec tunnels are under the same VPN10.

3 Replies

balaji.bandi
Hall of Fame

How is the other side?

Are you looking at SD-WAN as transport to establish the tunnel?

Check the NAT support in the edge router in SD-WAN:

https://www.cisco.com/c/en/us/td/docs/routers/sdwan/configuration/nat/nat-book-xe-sdwan/configure-nat.html#service-side-nat

BB

Hello,

You need intra-VPN service-side NAT. Loopback is not supported; interface overload via natpool is the option. Technically you can have one IP in the pool and overload to this pool. You just need to play with routing so that return traffic to the pool address (or subnet) is routed to the SD-WAN box from other devices on the LAN side. This can be checked and tested.

https://www.cisco.com/c/en/us/td/docs/routers/sdwan/configuration/nat/nat-book-xe-sdwan/configure-nat.html#intra-vpn-service-side-nat

 

HTH,

I already applied this configuration, but the NAT was still not working. To fix this issue, I set ip nat inside and ip nat outside under the IPsec tunnel via the CLI template, because I didn't find ip nat inside and outside under the Cisco VPN IPsec feature template, and now the NAT is up and running.