I have one site (S1) with a fixed WAN IP and another site (S2) on a 4G WAN connection. SD-WAN is set up between them and working between sites very well.
Is it possible to port forward e.g. port 3389 to a terminal server in S2 when a remote user connects via the WAN IP at S1?
It does not allow me to port forward on the MX in S1 to an IP subnet in S2.
@NolanHerring wrote:
I might be missing something, but I don't think you need to port-forward if you have a tunnel set up already between the sites. You should be able to reach devices between the sites.
This is not the issue of "internal" and "inter-site" users. I want to port forward for outside users from the internet. The situation is that Site A has a real public IP address. Site B, using 4G, does not have a real public IP address. As such, no servers (web server, etc.) in Site B are reachable from the outside world from the internet.
Anyway, I am exploring getting a 4G service with a real public IP address.
The problem with this setup is it requires the return path to be the same as the forward path.
So if you NAT a port coming in on site1 from the Internet, and the internal host is at site2, then the return traffic for that NAT session must come back over the AutoVPN tunnel to site1 and go out that Internet connection. It cannot use the local Internet breakout. This usually prevents the use of NAT as you describe.
If you were using AutoVPN this means site2 would have to be using a full tunnel to site1.
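The return-path requirement described in the last reply, as a toy model added here (not part of the original posts and not the MX's actual implementation). All addresses, ports and names are constructed for illustration, and the sketch assumes site2's carrier NATs outbound 4G traffic.

```python
# Toy model of the flow above; every address and name here is constructed.
from typing import NamedTuple

class Packet(NamedTuple):
    src: tuple  # (ip, port)
    dst: tuple

CLIENT = ("203.0.113.10", 50000)  # remote user on the Internet
S1_WAN = ("198.51.100.1", 3389)   # site1 public IP and forwarded port
SERVER = ("10.2.0.5", 3389)       # terminal server at site2
S2_CGNAT_IP = "100.64.7.9"        # site2 4G address behind carrier NAT

class Site1Nat:
    """Stateful DNAT on site1: only site1 holds the translation entry."""
    def __init__(self):
        self.sessions = {}  # (server, client) -> public endpoint the client dialled

    def inbound(self, pkt):
        if pkt.dst != S1_WAN:
            return None
        self.sessions[(SERVER, pkt.src)] = pkt.dst
        return Packet(pkt.src, SERVER)  # forwarded over the VPN to site2

    def outbound(self, pkt):
        # Reverse translation works only if the reply passes back through site1.
        public = self.sessions.get((pkt.src, pkt.dst))
        return Packet(public, pkt.dst) if public else None

def site2_local_breakout(pkt):
    """Split tunnel: reply leaves via 4G, source rewritten to the carrier address."""
    return Packet((S2_CGNAT_IP, 41000), pkt.dst)

def client_accepts(sent, reply):
    """A TCP client only matches a reply from the endpoint it connected to."""
    return reply is not None and reply.src == sent.dst and reply.dst == sent.src

def simulate(full_tunnel):
    nat = Site1Nat()
    syn = Packet(CLIENT, S1_WAN)
    to_server = nat.inbound(syn)
    reply = Packet(to_server.dst, to_server.src)  # server's SYN-ACK
    on_wire = nat.outbound(reply) if full_tunnel else site2_local_breakout(reply)
    return client_accepts(syn, on_wire)

if __name__ == "__main__":
    print("full tunnel to site1:", simulate(True))
    print("site2 local breakout:", simulate(False))
```
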