@NeoCZ 

interesting questions. did a test and it doesn't work

  @NeoCZ 

But if you want to access a remote site via SD-WAN, you can use Wireguard or OpenVPN with a full tunnel. This way, you have access to all SD-WAN sites via the site with a public IP.

  @MR.S 

I know I can use OpenVPN, I was just courious if this kind of NAT usage is possible or not. 

  @NeoCZ if your 3 sites already built SD-WAN tunnels. It should be part of your own network. Thus, you don't need to do NAT your OC device. Its just be routed over overlay tunnels 

  @Vincent-TP 

I might not said it clearly in OP. I can access other SD-WAN sites from my main LAN network without any problem. The problem is I have only one WAN with public IP and I would like to open port via NAT on main site's WAN and forward it to IP from different site connected via SD-WAN that doesn't have public IP. 

So let's say my main site with public WAN IP has default LAN network with range 192.168.1.x . I can make NAT rules to this range (192.168.1.6) without any problem. I also have another site connected via SD-WAN to main site with range 192.168.10.x . If I try to set NAT rule with destination IP from this range (192.168.10.6) it doesn't work.

  Just want to bring this up. Does anyone have solution for this?