Implement NAT over IPSec VPN by Route-Based VPN

Zyxel_Kevin (Zyxel Employee)

Topology & Scenario:

Your headquarters office may have many IPsec VPN tunnels to branch offices. However, all branch offices use the same subnet, for example 192.168.11.0/24.

To support this, each branch needs a fake subnet that represents it, which means the headquarters only knows the fake subnet.

For example:

192.168.100.0/24 → Branch A

192.168.101.0/24 → Branch B

Purpose

There may be many application scenarios with different settings.

This article configures the settings to meet the following goals.

1) 192.168.11.0/24 can access the HQ service 192.168.1.33

2) 192.168.1.33 can access 192.168.100.0/24

The settings of HQ:

Traffic to 192.168.100.0/24 goes to the VTI interface.

The settings of Branch:

Traffic to 192.168.1.0/24 goes to the VTI interface.

Set Many 1:1 NAT: traffic to 192.168.100.0/24 will be translated to 192.168.11.0/24.

Verification
1) 192.168.11.0/24 can access the HQ service 192.168.1.33

2) 192.168.1.33 can access 192.168.100.0/24
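The addressing plan above can be checked offline before it is entered on the gateways. The Python sketch below is an added example, not Zyxel code or device configuration: it validates that the fake subnets do not collide, picks the HQ route, and applies the Many 1:1 mapping. The names vti0 and vti1 are hypothetical, and translating the branch source address to the fake subnet on the way out is an assumption based on HQ only knowing the fake subnet.

```python
import ipaddress as ip

HQ_LAN = ip.ip_network("192.168.1.0/24")
BRANCH_REAL = ip.ip_network("192.168.11.0/24")  # same real LAN at every branch
# Fake subnet per branch as in the article; vti0/vti1 are hypothetical names.
FAKE = {
    "Branch A": (ip.ip_network("192.168.100.0/24"), "vti0"),
    "Branch B": (ip.ip_network("192.168.101.0/24"), "vti1"),
}

def check_plan():
    """Return a list of addressing problems (an empty list means the plan is OK)."""
    problems = []
    nets = [(name, net) for name, (net, _) in FAKE.items()]
    for i, (name, net) in enumerate(nets):
        # Many 1:1 maps host for host, so both ranges must be the same size.
        if net.prefixlen != BRANCH_REAL.prefixlen:
            problems.append(f"{name}: fake and real prefix lengths differ")
        for other in (HQ_LAN, BRANCH_REAL):
            if net.overlaps(other):
                problems.append(f"{name}: {net} overlaps {other}")
        for other_name, other_net in nets[i + 1:]:
            if net.overlaps(other_net):
                problems.append(f"{name}: {net} overlaps {other_name}")
    return problems

def hq_route(dst):
    """HQ side: return (branch, vti) whose fake subnet contains dst, else None."""
    dst = ip.ip_address(dst)
    for name, (net, vti) in FAKE.items():
        if dst in net:
            return name, vti
    return None

def many_1to1(addr, from_net, to_net):
    """Swap the network part and keep the host offset; other addresses pass through."""
    addr = ip.ip_address(addr)
    if addr not in from_net:
        return str(addr)
    return str(to_net.network_address + (int(addr) - int(from_net.network_address)))

def branch_inbound(branch, dst):
    """Branch side, traffic from HQ: fake destination -> real host."""
    return many_1to1(dst, FAKE[branch][0], BRANCH_REAL)

def branch_outbound(branch, src):
    """Branch side, traffic to HQ: real source -> fake address (assumed behaviour)."""
    return many_1to1(src, BRANCH_REAL, FAKE[branch][0])
```

A non-empty result from check_plan() means a fake subnet collides with the HQ LAN, the real branch LAN or another branch, which would make the HQ routes to the VTI interfaces ambiguous.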
