Cisco SD-WAN NAT - PART II - Port Forwarding
In this article, I want to discuss the SD-WAN NAT feature.
A vEdge cloud router can play a NAT role. it can do the natting both on the transport side (VPN 0) and in the service side (VPN 1 for example).
If we deploy NAT in the transport side, NAT functionality allows traffic from the localhost to move directly to the Internet. We can do port forwarding.
The NAT software performs both address and port translation.
Cisco SD-WAN nat software supports 64,000 nat flows.
In this scenario, I want to do "PORT FORWARDING" on the transport side.
To achieve this goal, we need to do three critical steps.
-
Enable NAT on an interface that faces public Internet in VPN 0 (in our scenario its ge0/1).
-
Configure port forwarding.
-
Direct traffic from service VPN like VPN 1 to go to the Internet (public) so we need to have a route to VPN 0.
In the last step, we need to do verification in vmanage.
Let’s do configuration
In my scenario, I am using vManage to do the configuration for Paris Site.
First, we go to "templates" menu.
The first step is to enable NAT on VPN0.
Under Interface, we configure the NAT feature.
The second step is to configure "PORT FORWARDING" under Interface facing the public Internet.
Note: If you want to configure NAT port, then you must use STATIC NAT.
And here is the configuration for port forwarding.
Let's do the third and final step.
In this step, we have to add a route in service side to VPN 0.
For this goal, first, we go to VPN 1(in our scenario service VPN is 1) template:
Note: Remember to choose interesting traffic for NAT.
Verification
Now try to establish a TELNET session from Internet (simulated 8.8.8.8) to public IP of our vEdge IP address (10.50.70.100).
For vManage verification follow the steps:
I hope you enjoy the article.
To be continued...