SSID NAT IP address

Achazit
Achazit Posts: 9
edited August 2021 in Nebula
Hello, is it possible to change the SSID NAT Isolation IP address? The problem is, my work VPN is interfering the IP from the NAT is gave me. I need to change the subnet mask to /24, it's currently at /8.

All Replies

  • Zyxel_Bella
    Zyxel_Bella Posts: 300  Zyxel Employee

    Hi @Achazit

     

    You might mention the NAT mode at the SSID settings page on Nebula. Here is the spec of NAT mode for your reference:

    -        DHCP settings cannot be manually configured

    -        If AP management IP address is NOT part of “10.0.0.0/8”, SSID subnet becomes “10.0.0.0/8”

    -        If AP management IP address is part of “10.0.0.0/8”, SSID subnet becomes “172.16.0.0/12”

    Can you provide your network topology and VPN information, we’ll consider if any solutions could be suitable for you. Thank you

     

    Regards,

    Bella

  • Achazit
    Achazit Posts: 9

    Hi @Achazit

     

    You might mention the NAT mode at the SSID settings page on Nebula. Here is the spec of NAT mode for your reference:

    -        DHCP settings cannot be manually configured

    -        If AP management IP address is NOT part of “10.0.0.0/8”, SSID subnet becomes “10.0.0.0/8”

    -        If AP management IP address is part of “10.0.0.0/8”, SSID subnet becomes “172.16.0.0/12”

    Can you provide your network topology and VPN information, we’ll consider if any solutions could be suitable for you. Thank you

     

    Regards,

    Bella


    Hello Bella,

    The problem is, the VPN is for my work and is using the same subnet as my NAT Isolation 10.x.x.x /8, and if I changed it to /24, it will fix the problem. That's what I said in the beginning.

    My current private network is 172.25.0.0 /24. The SSID NAT for DNET is set to /8 in the 10.x.x.x that is the same, as my work VPN network. It causes conflicts and thus knocking me off the internet.

    BTW, I never mentioned configuring DHCP. I was wondering if there's a way to change the NAT Isolation for DNET in my SSID list for work to change the subnet mask to /24? This will avoid conflict with VPN IP address.

    I hope that makes sense. The goal is to keep my work connection separate from my private network. The AP is connected to the switch, 52 ports.
  • Zyxel_Bella
    Zyxel_Bella Posts: 300  Zyxel Employee

    Hi @Achazit

     

    Because NAT mode is a solution providing remap the IP address field of network traffic for small topology so it doesn’t support user to configure manually.

    We’ll help to raise your scenario for feature request and discuss if the IP address range of NAT mode can be configurable.

    At this moment, we know it is not the best solution but we’ll suggest you to change the VPN subnet if possible as the quick method now.

    Thank you for the suggestions for improvement.

     

    Regards,

    Bella

  • Achazit
    Achazit Posts: 9
    Thanks Bella for the feedback, but how can i change the VPN from my work that house 400K people? That's not practical. It would cause a lot of issues, but if it was a smaller organization, maybe that's feasible.

    That would be great if that feature to modify the NAT Isolation IP range and subnet mask, would resolve this issue. I could always use the VLAN Tags/ID to point to the correct VLAN to keep my work and personal network separated, but I prefer in the future to get the feature to change the IP range and subnet.

    Thank you very much!!!

Nebula Tips & Tricks