How can the inbound destination NAT be used to hide the server’s real IP via a VPN tunnel?

Zyxel_Charlie Posts: 1,033  Zyxel Employee
edited April 14 in Security

A customer requires that the server’s real IP is hidden when using a site-to-site VPN. This can be done by using an inbound destination NAT to hide the server’s real IP once the VPN is established.

The inbound DNAT works as a virtual server. It can redirect the VPN traffic to the internal server.


Steps:

VPN connections:



Policy route:


Verification:

Ping 10.35.21.210 (the remote site server IP) from the 192.168.2.0/24 subnet, and verify that it can reach the server.
