Implement NAT over IPSec VPN by Route-Based VPN
Topology & Scenario:
Your headquarter office may have many IPsec VPN tunnels with Branch, However, all branch offices have the same subnet for example 192.168.11.0/24.
To meet the application, need a fake subnet represent for each Branch which means the headquarter only know the fake subnet.
For example:
192.168.100.0/24 → BranchA
192.168.101.0/24 → Branch B
Purpose
There may be many application scenarios with different settings.
The following article sets the settings according to the following goals.
1)The 192.168.11.0/24 can access HQ service 192.168.1.33
2)192.168.1.33 can access 192.168.100.0/24
The settings of HQ:
Traffic to 192.168.100.0/24 goto vti interface.
The settings of Branch:
Traffic to 192.168.1.0/24 goto vti interface
Set Many1:1 NAT, traffic to 192.168.100.0/24 will translated to 192.168.11.0/24
Verification
1)The 192.168.11.0/24 can access HQ service 192.168.1.33
2)192.168.1.33 can access 192.168.100.0/24
Categories
- All Categories
- 394 Beta Program
- 2.1K Nebula
- 117 Nebula Ideas
- 81 Nebula Status and Incidents
- 5.1K Security
- 82 USG FLEX H Series
- 247 Security Ideas
- 1.3K Switch
- 69 Switch Ideas
- 914 WirelessLAN
- 34 WLAN Ideas
- 5.9K Consumer Product
- 209 Service & License
- 337 News and Release
- 71 Security Advisories
- 21 Education Center
- 5 [Campaign] Zyxel Network Detective
- 2K FAQ
- 908 Nebula FAQ
- 415 Security FAQ
- 236 Switch FAQ
- 207 WirelessLAN FAQ
- 46 Consumer Product FAQ
- 138 Service & License FAQ
- 34 Documents
- 34 Nebula Monthly Express
- 73 About Community
- 62 Security Highlight