NAT policies


#1

We’ve only been using Peplinks in our networks for a few months but from what we can tell NAT policies can only be enabled on a specific WAN interface so everything is either NAT’d or not. The load balancer that we used before installing peplinks had the ability to set NAT policies based on the traffic’s destination rather than the interface. This allowed us to use mixed internet and MPLS circuits on a WAN port and only NAT the traffic that was destined for the internet so our MPLS network traffic was never NAT’d. Is there a way to do this with peplinks and if not, I would like to submit a feature request to have it added as this would greatly help customers that use mixed internet and MPLS circuits like a lot of providers offer.


#2

Typically we deploy Balance routers as drop-in mode with MPLS networks to avoid this NAT. The Balance will still do a NAT for the secondary WANs. Normally there is a firewall inside with this configuration but a local MPLS network can be on the inside of a Balance with drop-in mode as well.


#3

Drop in mode works if you have one MPLS provider but you’re limited to a single provider. There’s no way around this if you have more than 1 MPLS provider.


#4

Hi,

Your mixed internet and MPLS circuits on a WAN port as below?


If my assumption is correct, can I suggest design below to achieve no NAT for MPLS and NAT for internet traffics?



#5

Yes, creating a tunnel over the connection will work but this solution would render the MPLS provider’s QOS settings useless. The cleanest solution to this would be to allow NAT policies based on the outbound policies instead of on the actual WAN link.