Port forward to a SD-WAN connected network

wey2go
Getting noticed


I have one site (S1) with a fixed WAN IP and another site (S2) on a 4G WAN connection. SD-WAN between them is working very well.

 

Is it possible to port forward eg port 3389 to a terminal server in S2 when a remote user connects via the WAN IP at S1?

 

NolanHerring
Kind of a big deal

If you have AutoVPN tunnels then you should already be able to communicate with the other site no?
Nolan Herring | nolanwifi.com

Does not allow me to port forward on MX in S1 to an IP subnet in S2. 

NolanHerring
Kind of a big deal

I might be missing something, but I don't think you need to port-forward if you have a tunnel set up already between the sites. You should be able to reach devices between the sites.
Nolan Herring | nolanwifi.com

 


@NolanHerring wrote:
I might be missing something, but I don't think you need to port-forward if you have a tunnel set up already between the sites. You should be able to reach devices between the sites.

This is not an issue of "internal" and "inter-site" users. I want to port forward for outside users from the internet. The situation is that Site A has a real public IP address. Site B, using 4G, does not have a real public IP address. As such, no servers (web server, etc.) in Site B are reachable from the outside world from the internet.

 

Anyway, I am exploring getting a 4G service with a real public IP address.

PhilipDAth
Kind of a big deal

The problem with this setup is it requires the return path to be the same as the forward path.

 

So if you NAT a port coming in on site1 from the Internet, and the internal host is at site2, then the return traffic for that NAT session must come back over the AutoVPN tunnel to site1 and go out that Internet connection. It cannot use the local Internet breakout. This usually prevents the use of NAT as you describe.

If you were using AutoVPN this means site2 would have to be using a full tunnel to site1.
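
The return-path constraint from the reply above, modelled as an added example that is not part of the original thread and is not Meraki code. All addresses, ports and names (`Site1Nat`, `site2_egress`, `rdp_session_works`) are constructed for illustration, and the model reduces each appliance to its NAT decision only.

```python
from collections import namedtuple

# Constructed documentation addresses (assumptions, not from the thread).
CLIENT = ("203.0.113.10", 50000)   # remote user on the Internet
S1_WAN = ("198.51.100.1", 3389)    # fixed public IP at site 1
SERVER = ("10.2.0.10", 3389)       # terminal server behind site 2
S2_WAN_IP = "192.0.2.77"           # address site 2's 4G traffic appears from

Packet = namedtuple("Packet", "src dst")


class Site1Nat:
    """Stateful port forward on the site 1 appliance."""

    def __init__(self):
        self.sessions = {}  # (client, server) -> public endpoint the client dialled

    def inbound(self, pkt):
        # DNAT: rewrite the destination to the server and remember the session.
        if pkt.dst != S1_WAN:
            return None
        self.sessions[(pkt.src, SERVER)] = pkt.dst
        return Packet(pkt.src, SERVER)

    def outbound(self, pkt):
        # Reverse translation only works for replies that come back through here.
        public = self.sessions.get((pkt.dst, pkt.src))
        return Packet(public, pkt.dst) if public else None


def site2_egress(reply, full_tunnel, s1):
    """Route the server's reply out of site 2."""
    if full_tunnel:
        # Default route points into the AutoVPN tunnel, so site 1 un-NATs it.
        return s1.outbound(reply)
    # Local Internet breakout: site 2 source-NATs to its own 4G address.
    return Packet((S2_WAN_IP, 40000), reply.dst)


def client_accepts(pkt):
    # The client's TCP socket only matches replies from the endpoint it dialled.
    return pkt is not None and pkt.src == S1_WAN and pkt.dst == CLIENT


def rdp_session_works(full_tunnel):
    s1 = Site1Nat()
    to_server = s1.inbound(Packet(CLIENT, S1_WAN))
    reply = Packet(to_server.dst, to_server.src)   # server answers the client
    return client_accepts(site2_egress(reply, full_tunnel, s1))
```

`rdp_session_works(True)` succeeds because the reply is un-NATed by the same session table that translated the request; with `False` the reply arrives from an endpoint the client never contacted and is discarded.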
