SD-WAN and NAT question

2025-06-02 09:30:12
Model: OC300  
Hardware Version:
Firmware Version: 1.29.7

I have an OC300 controller with three sites connected via SD-WAN. Only one of them has a public IP address. Is it possible to set up NAT on the site with the public IP address so I can access a service on a different site that is connected via SD-WAN? I tried to set up NAT using the remote site's PC address, but without any success. All sites use ER8411 with 1.3.1 firmware.

Re:SD-WAN and NAT question
2025-06-02 10:19:19

  @NeoCZ 

Interesting questions. Did a test and it doesn't work.

 

Re:SD-WAN and NAT question
2025-06-02 12:50:08

  @NeoCZ 

 

But if you want to access a remote site via SD-WAN, you can use WireGuard or OpenVPN with a full tunnel. This way, you have access to all SD-WAN sites via the site with a public IP.

 

Re:SD-WAN and NAT question
2025-06-03 09:19:16

  @MR.S 

 

I know I can use OpenVPN, I was just curious if this kind of NAT usage is possible or not.

Re:SD-WAN and NAT question
2025-06-06 06:44:03

Hi  @NeoCZ 

 

By default, SD-WAN sites interconnected after successful creation will have mutual accessibility similar to an IPSec VPN connection.

 

Do you mean that the service can't be accessed?

 

If so, please ping the LAN IP address of the site and let us know the results. Thanks.

Re:SD-WAN and NAT question
2025-06-09 07:21:13

  @NeoCZ If your 3 sites have already built SD-WAN tunnels, it should be part of your own network. Thus, you don't need to do NAT on your OC device. It's just routed over overlay tunnels.

Re:SD-WAN and NAT question
2025-06-11 09:08:48

  @Vincent-TP 

 

I might not have said it clearly in the OP. I can access other SD-WAN sites from my main LAN network without any problem. The problem is I have only one WAN with a public IP and I would like to open a port via NAT on the main site's WAN and forward it to an IP from a different site connected via SD-WAN that doesn't have a public IP.

 

So let's say my main site with the public WAN IP has the default LAN network with range 192.168.1.x. I can make NAT rules to this range (192.168.1.6) without any problem. I also have another site connected via SD-WAN to the main site with range 192.168.10.x. If I try to set a NAT rule with a destination IP from this range (192.168.10.6), it doesn't work.

Re:SD-WAN and NAT question
2025-06-26 12:40:27

  Just want to bring this up. Does anyone have a solution for this?
