NAT over IPsec VPN using an IP Alias
Overview
In some environments, NG Firewall connects to a remote network over IPsec, and the remote side requires the local side of the tunnel to be a specific IP address.
In this scenario, you can add the remote-defined IP as an alias on your WAN interface, then create a NAT rule to translate VPN traffic to the alias IP address.
This scenario is best described through the following example:
Local Topology:
Local Public IP: 5.5.5.5
Local network: 192.168.100.0/32
Assigned VPN IP (alias): 172.30.100.10/32
Remote Topology:
Remote Public IP: 7.7.7.7
Remote network: 10.10.10.0/32
External Interface Alias: Found in Config > Network > Interfaces
Add the alias IP to the external (WAN) Interface
VPN Configuration: Make sure to enter the local translated IP (the alias) as the Local Network.
NAT Rules: Found in Config > Network > NAT Rules
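The steps above can be sanity-checked with a small model of the packet path. This is an added example, not NG Firewall code or its rule format: it assumes source NAT is applied before the packet is matched against the tunnel's Local/Remote networks, and the rule dictionary, function names and sample packets are hypothetical. Topology values are copied from the page as written.

```python
import ipaddress as ip

# Topology values copied from the page as written.
LOCAL_NET = ip.ip_network("192.168.100.0/32")
REMOTE_NET = ip.ip_network("10.10.10.0/32")
ALIAS = ip.ip_address("172.30.100.10")

# Tunnel networks: the local side is the translated (alias) IP.
TUNNEL = {"local": ip.ip_network("172.30.100.10/32"), "remote": REMOTE_NET}

# Hypothetical model of one source-NAT rule (not NG Firewall's rule format).
NAT_RULE = {"src": LOCAL_NET, "dst": REMOTE_NET, "new_src": ALIAS}


def apply_snat(src, dst, rule):
    """Return the source address after NAT; unchanged if the rule does not match."""
    src, dst = ip.ip_address(src), ip.ip_address(dst)
    if src in rule["src"] and dst in rule["dst"]:
        return rule["new_src"]
    return src


def enters_tunnel(src, dst, tunnel):
    """True when both addresses fall inside the tunnel's local/remote networks."""
    return (ip.ip_address(src) in tunnel["local"]
            and ip.ip_address(dst) in tunnel["remote"])


def trace(src, dst, rule=NAT_RULE, tunnel=TUNNEL):
    """Apply NAT first, then test the translated packet against the tunnel."""
    new_src = apply_snat(src, dst, rule)
    return str(new_src), enters_tunnel(new_src, dst, tunnel)


if __name__ == "__main__":
    # Constructed sample packets (source, destination).
    samples = [("192.168.100.0", "10.10.10.0"),    # traffic for the remote network
               ("192.168.100.0", "203.0.113.5")]   # other traffic, left untranslated
    for src, dst in samples:
        print(src, "->", dst, trace(src, dst))
    # Without the NAT rule, the untranslated source misses the tunnel's local network.
    print(enters_tunnel("192.168.100.0", "10.10.10.0", TUNNEL))
    # Misconfiguration: real LAN entered as Local Network, so translated traffic misses.
    print(trace("192.168.100.0", "10.10.10.0",
                tunnel={"local": LOCAL_NET, "remote": REMOTE_NET}))
```

The last case shows why the VPN configuration must list the translated IP rather than the real local network: once the NAT rule rewrites the source, only the alias address can match the tunnel.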