Double NAT SDX


Hi All!

Hope you guys are doing well.
I’ve been reading about double NAT avoidance and I still cannot seem to get the grasp of it.

Here is the scenario:

Starlink>SDX>SonicWall>L3

WAN1: Starlink 160.x.x.x IP
WAN2: Starlink 140.x.x.x IP

Both Starlinks are on public IP mode.

SDX Gateway on the SonicWall: 172.17.x.2

Test VLAN in the LAN: 10.101.x.x

I would like to remove the hop from the SDX, having the SonicWall do the NATting.

For now, I have read a few threads, a lot of ChatGPT questions :smile: and Balance manuals, but I haven’t been able to suss it out.

I have tested IP forwarding mode on WAN1 and selected the SDX gateway for the Test VLAN.

As soon as I go to routing mode, there seems to be no traffic. Tracert to 8.8.8.8 doesn’t leave the SDX gateway.

Can you do IP forwarding with Starlink or do you need access to the breakout point?
If access to the breakout point is needed, would it be possible with Speedfusion?
Is it that I am missing some configuration?

Any help would be greatly appreciated.

Have a good day!

Hey there Jeto,

Considering the complexity of your request here, I would recommend at first that you reach out to the reseller who sold you the SDX. This is something they should deal with as a first step. And escalate in case it’s not clear.

There’s a bunch of ways to do this depending on how you want to route traffic (OSPF and IP-passthrough are options).

Cheers

Hi Nick,
Thank you for your reply. Unfortunately this isn’t an option for us. Hence why I am here. Just wondering if someone has a similar deployment?

First question becomes what do you want the SDX for?

Typically a Peplink sits at the perimeter and manages the monitoring and management of multiple WANs.

If you just want IP passthrough from the Starlinks to the SonicWall, I’d replace the SDX with a pair of BR1 Pro 5Gs. With IP passthrough on the BR1, each Starlink public IP can then be used directly on the WAN of the SonicWall, but you still get Starlink monitoring in IC2 and you can fail over to 5G if you need to when Starlink fails.

If you want the SDX to manage the WANs, then you actually want NAT on the Peplink, I would argue, to simplify the config on your SonicWall.

Another approach could be to use drop-in mode on the SDX for the first Starlink so that its WAN IP gets bridged / passed to the SonicWall, then add the other Starlink as a failover / load-balanced WAN on the SDX. That gives you a simple config on the SonicWall whilst removing NAT on the SDX.
