Experience case of SDWAN TTE connection failure at a certain site

Both the on-site branch and headquarters have fixed public IPs with NAT conversion. It was found that while WAN ports can communicate and TLS establishes normally, TTE connections fail to be established.

1. Using WAN port mutual ping, the addresses can communicate with each other

2. Branch displays SD-WAN peer-connection status to check TLS and finds a connected TLS link with the headquarters device

3. When executing dis sdwan tte connection, the remote IP corresponding to the branch is found to be the converted NAT address, but the headquarters sees the branch as a private network address

4. Checking the service network details of WAN, it is found that only one side has a fixed public IP configured

For scenarios where both sides are configured with fixed public IPs and NAT is implemented, both the headquarters and branch need to configure fixed public IPs when setting up WAN network details. In this case, the headquarters device does not require STUN server configuration.

For on-site versions, you can directly modify and add a fixed public IP. For earlier versions that cannot modify the public IPv4 address, you need to reconfigure the WAN service network.