[ATP/FLEX] How to configure the firewall for IPSec VPN server behind NAT router?

Zyxel_Emily
Zyxel_Emily Posts: 1,296  Zyxel Employee
edited September 2023 in VPN

Topology
Nebula firewall (wan1: 192.168.1.34)----(lan1: 192.168.1.1) Router (wan: 61.222.x.y)-----Internet-----IPSec VPN client (IKEv2 client)

On the router, create a NAT rule that maps the IKE and NATT ports to the firewall, and a firewall rule that allows them.

NAT Rule:
External IP: 61.222.x.y
Internal IP: 192.168.1.34
Port mapping: IKE, NATT

Firewall Rule:
Destination: 192.168.1.34
Service: IKE, NATT
Action: Allow

On Nebula, click Send Email under SecuExtender IKEv2 VPN configuration provision. Download the configuration provision file and double-click it.

On the IPSec VPN client (IKEv2 client), change the Remote Gateway IP address to the router's WAN IP: 61.222.x.y.
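
To confirm the port mapping from a packet capture taken in front of the firewall's WAN interface, the following added example (not part of the original post) classifies UDP payloads on the two forwarded ports and reports which mapping to check. It assumes the IKE and NATT services are the standard UDP 500 and UDP 4500; `classify`, `diagnose` and `sample_ike` are hypothetical names, and the sample packets are constructed.

```python
import struct

IKE_PORT, NATT_PORT = 500, 4500   # assumption: standard UDP ports behind the IKE / NATT services
EXCHANGES = {34: "IKE_SA_INIT", 35: "IKE_AUTH", 36: "CREATE_CHILD_SA", 37: "INFORMATIONAL"}

def parse_ike_header(data):
    """Decode the fixed 28-byte IKEv2 header (RFC 7296 section 3.1); None if it does not fit."""
    if len(data) < 28:
        return None
    _ispi, _rspi, _nxt, version, exch, _flags, msg_id, length = struct.unpack("!8s8sBBBBII", data[:28])
    if version >> 4 != 2 or length != len(data):
        return None
    return {"exchange": EXCHANGES.get(exch, f"type {exch}"), "message_id": msg_id}

def classify(dst_port, payload):
    """Label one UDP payload captured in front of the firewall WAN (192.168.1.34 on the page)."""
    if dst_port == IKE_PORT:
        hdr = parse_ike_header(payload)
        return f"IKE {hdr['exchange']}" if hdr else "not IKEv2"
    if dst_port != NATT_PORT:
        return "unrelated port"
    if payload == b"\xff":
        return "NAT-T keepalive"                      # RFC 3948 keepalive, one 0xFF byte
    if payload[:4] == b"\x00" * 4:                    # non-ESP marker precedes IKE on UDP 4500
        hdr = parse_ike_header(payload[4:])
        return f"IKE {hdr['exchange']} over NAT-T" if hdr else "malformed IKE over NAT-T"
    return "ESP-in-UDP" if len(payload) >= 8 else "too short"

def diagnose(labels):
    """Turn the labels seen in one capture into a hint about the router's port mapping."""
    if not any(l.startswith("IKE ") for l in labels):
        return "no IKE reached the firewall: check the IKE port mapping and firewall rule"
    if not any("NAT-T" in l or l == "ESP-in-UDP" for l in labels):
        return "IKE arrived on port 500 but nothing on NATT: check the NATT port mapping"
    return "both IKE and NATT traffic reach the firewall"

def sample_ike(exchange_type, msg_id):
    """Constructed sample: a header-only IKEv2 message with made-up SPIs."""
    return struct.pack("!8s8sBBBBII", b"\x11" * 8, b"\x00" * 8, 0, 0x20, exchange_type, 0x08, msg_id, 28)

if __name__ == "__main__":
    capture = [(500, sample_ike(34, 0)), (4500, b"\x00" * 4 + sample_ike(35, 1)), (4500, b"\xff")]
    labels = [classify(port, data) for port, data in capture]
    print(labels, "->", diagnose(labels))
```

Feed it the destination port and UDP payload of each packet from a capture; a result that stops at IKE_SA_INIT on port 500 points at the NATT half of the mapping.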