NAT over IPsec VPN using an IP Alias


In some environments, you connect NG Firewall to a remote network via IPsec, and the remote side requires the local side of the tunnel to be a specific IP address.

In this scenario, you can add the remote-defined IP as an alias on your WAN interface, then create a NAT rule that translates VPN traffic to the alias IP address.

This scenario is best described through the following example:

Local Topology:

Local Public IP:
Local network:
Assigned VPN IP (alias):

Remote Topology:

Remote Public IP:
Remote network:

External Interface Alias: Found in Config > Network > Interfaces

Add the alias IP to the external (WAN) Interface

VPN Configuration: Make sure to enter the translated local IP as the Local Network.

NAT Rules: Found in Config > Network > NAT Rules
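
The following is an added example, not part of the original article or NG Firewall's own code. It is a simplified model showing why the tunnel's Local Network must be the translated alias IP rather than the real LAN. It assumes the NAT rule is applied before the packet is matched against the tunnel's traffic selectors; all addresses are constructed from documentation ranges and all function names are hypothetical.

```python
from ipaddress import ip_address, ip_network

# Constructed sample values (RFC 5737 documentation ranges), not from the article.
LOCAL_NET = ip_network("192.0.2.0/24")       # real LAN behind NG Firewall
REMOTE_NET = ip_network("198.51.100.0/24")   # network behind the remote peer
ALIAS_IP = ip_address("203.0.113.10")        # address assigned by the remote side

# One NAT rule: LAN traffic headed for the remote network leaves as the alias.
NAT_RULES = [{"src": LOCAL_NET, "dst": REMOTE_NET, "new_src": ALIAS_IP}]

def snat(src, dst, rules):
    """Return the source address after the first matching NAT rule."""
    src, dst = ip_address(src), ip_address(dst)
    for rule in rules:
        if src in rule["src"] and dst in rule["dst"]:
            return rule["new_src"]
    return src  # no rule matched: source is unchanged

def enters_tunnel(src, dst, local_selector, remote_selector):
    """True if the post-NAT packet matches the tunnel's traffic selectors."""
    return ip_address(src) in local_selector and ip_address(dst) in remote_selector

def send(src, dst, rules, tunnel_local):
    """Model one outbound packet: NAT first, then the IPsec selector check."""
    new_src = snat(src, dst, rules)
    return str(new_src), enters_tunnel(new_src, dst, tunnel_local, REMOTE_NET)

if __name__ == "__main__":
    alias_selector = ip_network(f"{ALIAS_IP}/32")
    # Local Network set to the alias: translated traffic matches the tunnel.
    print(send("192.0.2.25", "198.51.100.7", NAT_RULES, alias_selector))
    # Local Network left as the real LAN: translated traffic misses the tunnel.
    print(send("192.0.2.25", "198.51.100.7", NAT_RULES, LOCAL_NET))
    # Traffic to other destinations is not translated to the alias.
    print(send("192.0.2.25", "203.0.113.200", NAT_RULES, alias_selector))
```
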
