Vigor Router supports applying NAT to traffic in a LAN-to-LAN IPsec VPN, so that the remote network will only see traffic from a single IP address. This is necessary when the VPN server use one network for creating IPsec connection, but the firewall policy allow a different IP address to access their local network. Like the illustrated below.
1. Go to VPN and Remote Access >> LAN to LAN, click any index to create a profile.
2. In the profile,
Dial-Out setting(version 4.x.x)
Dial-Out setting(version 3.x.x)
TCP/IP Network Settings
3. Go to VPN and Remote Access >> Connection Management and click Dial.
Here comes the difference with/without the client Local Network translating.
1. Without the VPN client Local Network translating: The Status will show the Virtual Network as VPN Client ’s LAN network. In this example, it is 192.168.1.1/24.
2. With the VPN client Local Network translating: The Status will show the Virtual Network as VPN Client ’s translated single IP. In this example, it is 172.16.2.129/32.
This article will show how to configure Vigor2960/3900 for meeting this purpose.
1. Go to VPN and Remote Access >> VPN Profiles >> IPsec page, click Add to create an IPsec LAN to LAN profile.
2. Go to Advanced tab, select Enable for Apply NAT Policy.Translated Local Network option will be visible after enabling Apply NAT Policy.
After the above configuration, Vigor2960 will translate the source IP to 172.16.2.129 while the LAN clients want to access remote VPN network 192.168.188.0/24.
Published On: 2020-09-30
Was this helpful?