Using SD-WAN Orchestrator / Configuration > Networking / NAT
Home Compliance NAT Deployment Guides Configuration > Networking > NAT Integration Guides NAT allows for multiple sites with overlapping IP addresses to connect to a single SD-WAN fabric. You Using SD-WAN Orchestrator can configure SNAT (Source Network Address Translation), DNAT (Destination Network Address Translation), destination TCP, and UDP port translation rules that apply to all LAN to WAN traffic in the What's New ingress and egress directions. Configured rules apply to all traffic including tunneled traffic, internet Getting Started bound traffic, and other passthrough traffic. The following address translation options are supported: Light or Dark Theme • 1 1 source and destination IP address translation Menu Options Monitoring • 1 1 subnet to subnet source and destination IP address translation Monitoring > Summary • Many to one IP source address translation Monitoring > Performance • NAT pools for translated source IP address Monitoring > Reporting Monitoring > Bandwidth You can view both NAT rules and NAT pools within your network by selecting NAT Rules or NAT Pools at the top of the page. You can also export a CSV file of your branch NAT traffic. Select the Edit Monitoring > Tunnel Health icon to add rules to your NAT and NAT pools. Configuration
NAT Rules and Pools
Configuration > Overlays & Security Configuration > Networking You can add NAT rules and configure NAT pools from the NAT tab.
NAT Rules Each NAT rule has a directional field or value. Outbound rules are applied to the traffic flows initiated from the LAN and destined to the WAN. Inbound rules are applied to the traffic flows initiated from the WAN and destined to the LAN. They include all tunneled traffic, internet bound traffic, and other passthrough traffic. Return traffic for a given flow does not require an additional rule. The destination IP address must be configured for each rule. NOTE: You must disable advertisements of local, static routes on the LAN side at the site so routes are completely unique. Additionally, you must configure announce-only static routes for your NAT pools and advertise them to the WAN by allowing those routes in your “Redistribute routes to SD-WAN fabric” route map. Complete the following steps to add a rule to your NAT: 1 On the NAT tab, click the edit icon next to an appliance name. The NAT dialog box opens. 2 Click Add Rule. 3 Enter the following values in the table by selecting any of the columns. Field Description Priority Order in which the rules are executed; the lower the priority, the higher the chance your NAT rule will be applied. LAN Interface Name of the LAN interface the NAT rule is using. This is configurable for an outbound NAT rule only. Segment Name of the segment being used. Select the direction the traffic is going: Direction Outbound (LAN to Fabric) Inbound (Fabric to LAN) Protocol Type of protocol being used for each NAT. Source Original source IP address of the IP packet. Destination Address of the LAN/WAN interface where the traffic is going to. Translated Source Translated source IP address when the NAT rule is applied. Translated Translated destination IP address when the NAT rule is applied. Destination Enabled Select this check box to enable your customized NAT rule. Direction can be both inbound or outbound. Comment Any comment you want to add pertaining to your NAT rule. Match: LAN interface, direction, source, destination Criteria Set: Translated source, translated destination
4 Click Save.
NAT Pools You also have the option to configure a NAT pool. Complete the following steps to create a NAT pool: 1 On the NAT tab, click the edit icon next to an appliance name. The NAT dialog box opens. 2 Click NAT Pools. The NAT Pools dialog box opens. 3 Click Add. 4 Enter the following values in the table by selecting any of the columns. Field Description Name Name of your pool. Direction Specify whether the traffic is outbound or inbound. Subnet IP address of the subnet. Translate Enable source port address translation if the NAT pool is too small to accommodate Ports multiple flows simultaneously with 1 1 IP address translation.
5 Click Save. A confirmation message appears at the bottom of the screen.
