Configuring Direct Internet Access / Local Breakout in Cisco SD-WAN Edges

This is an example of configuring branch offices with internet access from the same WAN edge interfaces which are used also for building tunnels in internet transport.

It is just NAT combined with a Traffic Data Policy under Centralized Policies.

Following is the requirement.

All Site LAN traffic from WAN sites should be routed to internet through Gi1 interface

1st let's configure NAT on Gi1 interfaces via corresponding interface templates.

Then the Policy.

Let's create the Group of Interest required, Data Prefix..

It should be a Traffic Data Policy and It's under the Traffic Rules.

Sequence Type should be Custom.

There must be 2 Sequence Rules to be configured.

1st one should Match the Data Prefix created earlier "LAN" as the source and destination and it should be Accepted means do nothing, normal processing for WAN routing..

2nd one should Match the same Data Prefix and the Set Action should be NAT VPN.

**Also don't forget to select the Default Action under the Sequence to Accept and Enabled otherwise other traffic will be dropped.

Policy Application also should be in Traffic Data, Sites are "ALL-SITES" in my example, VPN should be "DATA". Those values are previously configured by me as Groups of Interests.

Then Save and Activate..

Verification:-