Apply NAT inside IPsec VPN to match Remote Network's Firewall Policy


Vigor Router supports applying NAT to traffic in a LAN-to-LAN IPsec VPN, so that the remote network will only see traffic from a single IP address. This is necessary when the VPN server use one network for creating IPsec connection, but the firewall policy allow a different IP address to access their local network. Like the illustrated below.

This article will show how to configure Vigor2960/3900 for meeting this purpose.

1. Go to VPN and Remote Access >> VPN Profiles >> IPsec page, click Add to create an IPsec LAN to LAN profile.

  1. Tick Enable
  2. Enter Local IP/ Subnet Mask
  3. Enter the IP of remote VPN server at Remote Host
  4. Enter Remote IP/ Subnet Mask

2. Go to Advanced tab, select Enable for Apply NAT Policy.Translated Local Network option will be visible after enabling Apply NAT Policy.

  1. Enter the IP that VPN server requests in Translated Local Network.
  2. In this example, it is a single IP, so we should select for the subnet mask.

After the above configuration, Vigor2960 will translate the source IP to while the LAN clients want to access remote VPN network


Published On: Dec 05, 2017 

Was this helpful?     

Related Articles