Contact addresses, Location elements, and NAT
Contact Addresses represent the translated address of a component. Location elements group components together, so that there is no NAT between them.
The Contact Address represents the translated address of a component. Contact Addresses are defined for each Location element. The Location element is a way to group components together, in effect telling them that there is no NAT device between them.
The Secure SD-WAN Manager components on each side of a NAT device are grouped into two separate Location elements (if necessary, more Location elements can be used). The Contact Address is defined in each element’s properties for the other Location. When contacting some other component in their own Location, the components always use the untranslated address. When contacting some component outside their own Location, the contacting component checks if the other component has a Contact Address defined for the contacting element’s Location. If it finds one, it uses the Contact Address. If there is no Location-specific Contact Address defined, the contacting component checks if the element has a Default Contact Address that components belonging to any other Location use for contacting the element. If the element does not have a Default Contact Address, the connection is attempted using the element’s untranslated address.
For example, when a Management Server contacts a firewall node through NAT, the Management Server uses the translated Contact Address instead of the firewall node’s real Control IP address. The NAT device in between translates the NAT address to the firewall’s real IP address as usual.