Tunnel IPSEC NAT problem

V2IT Posts: 3  Freshman Member
edited April 2021 in Security
Hello everyone and Merry Christmas!!
I established an IPSEC tunnel but the other side wants to see me with another IP, how do I mask my original IP?


  • Ian31
    Ian31 Posts: 161  Master Member
    Is it site-to-site IPSec ? 
    What's the another IP address ? a single IP or a subnet ?

  • V2IT
    V2IT Posts: 3  Freshman Member

    Site to site

    My LAN My WAN my public IP---------------remote public IP remote LAN
    Then, the tunel is established
    Remote side want see packet coming from
    I try to use Inbound/outbound traffic NAT with diferent configuration with out result
  • V2IT
    V2IT Posts: 3  Freshman Member
    Sorry,  forget to comment that it is an IPSEC environment
  • Ian31
    Ian31 Posts: 161  Master Member
    Here the recommend settings,
    1. IPSec VPN connection
        (1) the local policy / remote policy is HOST: /  SUBNET:
        (2) set the outbound traffic SNAT. From to, SNAT to

    2. Add a policy route. From to, go into this VPN tunnel

  • Zyxel_Charlie
    Zyxel_Charlie Posts: 1,034  Zyxel Employee
    Hello V2IT,
    You can set DNAT to mask the Wan's original IP. Please follow the steps of configuration from FAQ.

Security Highlight