SSID NAT IP address
All Replies
-
Hi @Achazit
You might mention the NAT mode at the SSID settings page on Nebula. Here is the spec of NAT mode for your reference:
- DHCP settings cannot be manually configured
- If AP management IP address is NOT part of “10.0.0.0/8”, SSID subnet becomes “10.0.0.0/8”
- If AP management IP address is part of “10.0.0.0/8”, SSID subnet becomes “172.16.0.0/12”
Can you provide your network topology and VPN information, we’ll consider if any solutions could be suitable for you. Thank you
Regards,
Bella
0 -
Zyxel_Bella said:
Hi @Achazit
You might mention the NAT mode at the SSID settings page on Nebula. Here is the spec of NAT mode for your reference:
- DHCP settings cannot be manually configured
- If AP management IP address is NOT part of “10.0.0.0/8”, SSID subnet becomes “10.0.0.0/8”
- If AP management IP address is part of “10.0.0.0/8”, SSID subnet becomes “172.16.0.0/12”
Can you provide your network topology and VPN information, we’ll consider if any solutions could be suitable for you. Thank you
Regards,
Bella
Hello Bella,The problem is, the VPN is for my work and is using the same subnet as my NAT Isolation 10.x.x.x /8, and if I changed it to /24, it will fix the problem. That's what I said in the beginning.My current private network is 172.25.0.0 /24. The SSID NAT for DNET is set to /8 in the 10.x.x.x that is the same, as my work VPN network. It causes conflicts and thus knocking me off the internet.BTW, I never mentioned configuring DHCP. I was wondering if there's a way to change the NAT Isolation for DNET in my SSID list for work to change the subnet mask to /24? This will avoid conflict with VPN IP address.I hope that makes sense. The goal is to keep my work connection separate from my private network. The AP is connected to the switch, 52 ports.0 -
Hi @Achazit
Because NAT mode is a solution providing remap the IP address field of network traffic for small topology so it doesn’t support user to configure manually.
We’ll help to raise your scenario for feature request and discuss if the IP address range of NAT mode can be configurable.
At this moment, we know it is not the best solution but we’ll suggest you to change the VPN subnet if possible as the quick method now.
Thank you for the suggestions for improvement.
Regards,
Bella
0 -
Thanks Bella for the feedback, but how can i change the VPN from my work that house 400K people? That's not practical. It would cause a lot of issues, but if it was a smaller organization, maybe that's feasible.That would be great if that feature to modify the NAT Isolation IP range and subnet mask, would resolve this issue. I could always use the VLAN Tags/ID to point to the correct VLAN to keep my work and personal network separated, but I prefer in the future to get the feature to change the IP range and subnet.Thank you very much!!!1
Zyxel Employee
Categories
- All Categories
- 415 Beta Program
- 2.4K Nebula
- 151 Nebula Ideas
- 98 Nebula Status and Incidents
- 5.7K Security
- 277 USG FLEX H Series
- 277 Security Ideas
- 1.4K Switch
- 74 Switch Ideas
- 1.1K Wireless
- 42 Wireless Ideas
- 6.4K Consumer Product
- 250 Service & License
- 395 News and Release
- 85 Security Advisories
- 29 Education Center
- 10 [Campaign] Zyxel Network Detective
- 3.6K FAQ
- 34 Documents
- 34 Nebula Monthly Express
- 85 About Community
- 75 Security Highlight
