Port forwarding WAN to Route based VPN

I have 2 XG ver. 20 firewalls between 2 sites, both with Static public IP.

There is an SDWAN route based VPN between the 2 sites, and it works perfectly. The route precedence is SDWAN, Static, VPN.

I am trying to publish an internal server resource that resides in Site A, using the Site B WAN.

There is a firewall rule on Site B - Allow WAN to VPN, with specified TCP port number, and also a NAT rule to DNAT to the internal server.

It does not work. The packets arrive on the Site B WAN interface, and are sent out immediately on the same WAN interface, even though there is an SDWAN policy to send anything destined for Site A LAN over the VPN.

I had tried using a Source NAT rule as well, but the packets still exit the same WAN interface.

[edited by: Erick Jan at 4:24 AM (GMT -7) on 15 Apr 2024]