Implement NAT over IPSec VPN by Route-Based VPN

Zyxel_Kevin Posts: 752  Zyxel Employee
First Anniversary 10 Comments Friend Collector First Answer

Topology & Scenario:

Your headquarter office may have many IPsec VPN tunnels with Branch, However, all branch offices have the same subnet for example

To meet the application, need a fake subnet represent for each Branch which means the headquarter only know the fake subnet.

For example: → BranchA → Branch B


There may be many application scenarios with different settings.

The following article sets the settings according to the following goals.

1)The can access HQ service

2) can access

The settings of HQ:

Traffic to goto vti interface.

The settings of Branch:

Traffic to goto vti interface

Set Many1:1 NAT, traffic to will translated to

1)The can access HQ service

2) can access