Cisco SD-WAN NAT – PART I
In this article, I want to explain the SD-WAN NAT feature.
A vEdge cloud router can play a NAT role. It can perform NAT both on the transport side (VPN 0) and on the service side (VPN 1, for example).
If we deploy NAT on the transport side, it allows traffic from local hosts to go directly to the internet. We can do port forwarding or dynamic PAT.
The NAT software performs both address and port translation. Cisco SD-WAN NAT software supports 64,000 NAT flows.
In this scenario, I want to do dynamic PAT on the transport side.
To achieve this goal, we need to do two critical steps:
- Enable NAT on the interface that faces the public internet in VPN 0 (in our scenario it is ge0/1).
- Direct traffic from another VPN, like VPN 1, to the internet (public); for this we need a route pointing to VPN 0.
In the last step, we need to do some verification in vManage.
Let's do the configuration.
In my scenario, I am using vManage to do the configuration.
First, we go to the "Templates" menu.
The next step is to enable NAT on VPN 0, under the interface facing the public internet.
Now, under the interface, we activate NAT.
Let's do the second step.
In this step, we have to add a route on the service side pointing to VPN 0.
We go to the VPN 1 template (in our scenario the service VPN is 1).
Note: remember to choose interesting traffic for NAT
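For readers who prefer the CLI, the following is the vEdge CLI equivalent of the two template changes above. It is added here for reference and is not the author's configuration; the interface name, IP address, tunnel color and service VPN number are assumptions that follow the article's scenario (ge0/1 in VPN 0, service VPN 1).

```text
! Step 1: enable NAT on the internet-facing interface in the transport VPN.
! 192.0.2.10/24 is a placeholder address from the documentation range.
vpn 0
 interface ge0/1
  ip address 192.0.2.10/24
  nat
  !
  tunnel-interface
   encapsulation ipsec
   color biz-internet
  !
  no shutdown
 !
!
! Step 2: route the service VPN's internet-bound traffic into VPN 0.
! A default route sends everything; a more specific prefix instead of
! 0.0.0.0/0 limits which traffic is NATed (the "interesting traffic" note).
vpn 1
 ip route 0.0.0.0/0 vpn 0
!
```

After committing, `show ip nat interface` lists the interfaces on which NAT is enabled, and `show ip nat filter` shows the active translations (inside and outside addresses and ports), which is the CLI counterpart of the vManage verification described below.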
Now the ping from the service side (CSR router) goes out through the internet.
For vManage verification, follow these steps:
Now I do another ping from the loopback source to 8.8.8.8:
As you can see, the real IP address is shown in vManage and the configuration is verified.
I hope you enjoy the article.
To be continued...