Port forwarding WAN to Route based VPN

Can you show us the route precedence and the SD-WAN Route?
Are there other sd-wan routes (or other static routes)

SD-WAN route, Static route, VPN route.

there is ony 1 SD-WAN route:

The only way I can get the packets to exit the VPN xfrm interface, is by adding a static route. not sure why.

Hi Geniux , thank you for reaching out to the community, you can refer - Configure a DNAT with route-based VPN.

please show us the SD-WAN Profile ... or try to switch to "primary/sec gateway"

The DNAT wouldn't help me either, becasue i want that the server in Site A to get real clients IP address.

So I want the packet just be routed over the VPN from Site B all the way to the server in Stie A with the original source IP.

The reply packet from the server is handled by an SD-WAN rule on site A:

it all works, but the only issue is that the Site B XG must use a static route, instead of SD-WAN

Why you have switched surce & dst-ports within service definition?

you are seeing the SD-WAN rule from SiteA where the rds server is located.

This RDS server will reach out to the internet using it's own WAN, but will use the VPN route to accept incoming RDS sessions.

The only issue we have is on Site B where we must use use a static route, otherwise it doesn't follow the SD-WAN rule

Hello Geniux ,

Could you please try using "public ip" instead of "DNATed IP (Store LAN)" as a destination in SDWAN route configured on Site-B? Better to use specific service traffic also as a matching criteria otherwise all WAN destined traffic could get affected.

That wouldn't work, as it will require 2 dnat rules, and it wouldn't be encrypted through ipsec