How can the inbound destination NAT be used to hide the server’s real IP via a VPN tunnel?

Zyxel_Charlie Posts: 1,034  Zyxel Employee
First Anniversary Friend Collector First Answer First Comment
edited August 2022 in Networking

A customer requires that the server’s real IP is hidden when using site-to-site VPN. This can be done by using an inbound destination NAT to hide the server’s real IP when VPN is established.

The inbound DNAT works as a virtual server.

It can redirect the VPN traffic to the internal server.  


VPN connections:

Policy route:


Ping (the remote site server IP) from the subnet, and verify that it can reach the server.