NAT over IPsec VPN using an IP Alias

Overview

In some environments, NG Firewall connects to a remote network via IPsec, and the remote side requires the local side of the tunnel to be a specific IP address that it defines.

In this scenario, you can add the remotely defined IP as an alias on your WAN interface, then create a NAT rule to translate VPN traffic to the alias IP address.

This scenario is best described through the following example:

Local Topology:

Local Public IP: 5.5.5.5
Local network: 192.168.100.0/32
Assigned VPN IP (alias): 172.30.100.10/32

Remote Topology:

Remote Public IP: 7.7.7.7
Remote network: 10.10.10.0/32

External Interface Alias: Found in Config > Network > Interfaces

Add the alias IP to the external (WAN) Interface

VPN Configuration: Enter the local translated IP (the alias) as the Local Network, not the real local network.

NAT Rules: Found in Config > Network > NAT Rules
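The three settings above depend on each other, which the following added example (not Untangle code, and not part of the original article) checks as a small offline model using the addresses from the example topology. It assumes the NAT rule matches source = local network and destination = remote network, and that the tunnel's Local Network is compared against the source address after translation; all function and class names are hypothetical.

```python
import ipaddress as ipa
from dataclasses import dataclass

@dataclass(frozen=True)
class NatRule:
    src: ipa.IPv4Network         # match on original source
    dst: ipa.IPv4Network         # match on destination
    new_source: ipa.IPv4Address  # address the source is rewritten to

@dataclass(frozen=True)
class Tunnel:
    local: ipa.IPv4Network       # "Local Network" of the IPsec tunnel
    remote: ipa.IPv4Network      # "Remote Network" of the IPsec tunnel

def translate(src, dst, rules):
    """Source address after the first matching NAT rule (unchanged if none)."""
    for rule in rules:
        if src in rule.src and dst in rule.dst:
            return rule.new_source
    return src

def audit(wan_addrs, rules, tunnel, src, dst):
    """List the problems that keep the flow src -> dst out of the tunnel."""
    src, dst = ipa.ip_address(src), ipa.ip_address(dst)
    out_src = translate(src, dst, rules)
    problems = []
    if out_src == src:
        problems.append("no NAT rule matches this flow")
    elif out_src not in wan_addrs:
        problems.append(f"{out_src} is not configured on the WAN interface")
    if out_src not in tunnel.local:
        problems.append(f"source {out_src} is outside Local Network {tunnel.local}")
    if dst not in tunnel.remote:
        problems.append(f"destination {dst} is outside Remote Network {tunnel.remote}")
    return problems

# Addresses copied from the article's example topology.
LAN = ipa.ip_network("192.168.100.0/32")
REMOTE = ipa.ip_network("10.10.10.0/32")
ALIAS = ipa.ip_address("172.30.100.10")
WAN = {ipa.ip_address("5.5.5.5"), ALIAS}
RULES = [NatRule(LAN, REMOTE, ALIAS)]        # assumed rule conditions
GOOD = Tunnel(ipa.ip_network(f"{ALIAS}/32"), REMOTE)
BAD = Tunnel(LAN, REMOTE)                    # real LAN entered by mistake

if __name__ == "__main__":
    for name, tunnel in (("alias as Local Network", GOOD), ("LAN as Local Network", BAD)):
        print(name, "->", audit(WAN, RULES, tunnel, "192.168.100.0", "10.10.10.0") or "ok")
```

In this model, a flow that reports a problem is one that would not match the tunnel and so would not be carried by it.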
