Apply NAT inside IPsec VPN to match Remote Network's Firewall Policy

 Español

Vigor Router supports applying NAT to traffic in a LAN-to-LAN IPsec VPN, so that the remote network will only see traffic from a single IP address. This is necessary when the VPN server use one network for creating IPsec connection, but the firewall policy allow a different IP address to access their local network. Like the illustrated below.

This article will show how to configure Vigor2960/3900 for meeting this purpose.


1. Go to VPN and Remote Access >> VPN Profiles >> IPsec page, click Add to create an IPsec LAN to LAN profile.

  1. Tick Enable
  2. Enter Local IP/ Subnet Mask
  3. Enter the IP of remote VPN server at Remote Host
  4. Enter Remote IP/ Subnet Mask

2. Go to Advanced tab, select Enable for Apply NAT Policy.Translated Local Network option will be visible after enabling Apply NAT Policy.

  1. Enter the IP that VPN server requests in Translated Local Network.
  2. In this example, it is a single IP 172.16.2.129, so we should select 255.255.255.255 for the subnet mask.

After the above configuration, Vigor2960 will translate the source IP to 172.16.2.129 while the LAN clients want to access remote VPN network 192.168.188.0/24.

 

Published On: Dec 05, 2017 

Was this helpful?     


Related Articles