LAN-Side NAT Rules allow you to NAT IP addresses in an unadvertised subnet to IP addresses in an advertised subnet. For both the Profile and Edge levels, within the Device Settings configuration, LAN-side NAT Rules has been introduced for the 3.3.2 release and as an extension, LAN side NAT based on source and destination, same packet source and destination NAT support have been introduced for the 3.4 release.

By default, the LAN-Side NAT Rules are inherited by the Edges associated with the Profile. To override the NAT-Side NAT Rules at the Edge level, perform the steps below.

For more information, see LAN-Side NAT Rules at the Profile Level.
Note: If the users want to configure the default rule, “any” they must specify the IP address must be all zeros and the prefix must be zero as well: 0.0.0.0/0.
  1. In the SD-WAN Service of the Enterprise Portal, go to Configure > Edges.
  2. Select the appropriate Edge by clicking the check box next to the Edge Name.
  3. If not already selected, click the Device tab link.
  4. Scroll down to the Routing & NAT.
  5. Open the LAN-Side NAT Rules area.
  6. Click the Override check box to make changes to the LAN-Side NAT Rules.
  7. In the LAN-Side NAT Rules area, complete the following for the NAT Source or Destination section: (See the table below for a description of the fields in the steps below).
    1. Enter an address for the Inside Address text box.
    2. Enter an address for the Outside Address text box.
    3. Enter the Source Route in the appropriate text box.
    4. Enter the Destination Route in the appropriate text box.
    5. Type a description for the rule in the Description textbox (optional).
    LAN-side NAT Rule Type Description
    Type drop-down menu Select either Source or Destination Determine whether this NAT rule should be applied on the source or destination IP address of user traffic.
    Inside Address text box IPv4 address/prefix, Prefix must be 1-32 The "inside" or "before NAT" IP address (if prefix is 32) or subnet (if prefix is less than 32).
    Outside Address text box IPv4 address/prefix, Prefix must be 1-32 The "outside" or "after NAT" IP address (if prefix is 32) or subnet (if prefix is less than 32).
    Source Route text box

    - Optional

    - IPv4 address/prefix

    - Prefix must be 1-32

    - Default: any

    For destination NAT, specify source IP/subnet as match criteria. Only valid if the type is “Destination.”
    Destination Route text box

    - Optional

    - IPv4 address/prefix

    - Prefix must be 1-32

    - Default: any

    For source NAT, specify destination IP/subnet as match criteria. Only valid if the type is “Source.”
    Description text box Text Custom text box to describe the NAT rule.
  8. In the LAN-side NAT Rules area, complete the following for NAT Source and Destination: (See the table below for a description of the fields in the steps below).
    1. For the Source type, enter the Inside Address and the Outside Address in the appropriate text boxes.
    2. For the Destination type, enter the Inside Address and the Outside Address in the appropriate text boxes.
    3. Type a description for the rule in the Description textbox (optional).