Filter
Top Products
VSG-1200 User’s Guide
Chapter 5 NAT Pool 67
In order to allow subscribers to establish multiple VPN connections to a remote VPN device
with single-connection-per-source limitation, set the VSG to perform NAT on the WAN. You
need to configure the NAT address pool for use with VPN connections on the WAN port. The
VSG automatically maps one/more private IP addresses to one/more public IP addresses for
VPN packets. The following table describes the NAT mapping types on the WAN for VPN
packets.
5.3 NAT Examples
The following sections describe some NAT address mapping examples for VPN connections.
5.3.1 Example 1: One-to-One
The figure below shows an example where the two subscribers S1 and S2 tries to establish
secure VPN connections to the same VPN server V1 at the same time. For example, the VSG
is using a public IP address of 211.21.21.1
2
. In this case, the VSG performs One-to-One IP
address translation on the WAN.
Figure 24 NAT Example: One-to-One
The following table shows the address mapping.
Table 12 WAN NAT Mapping Types for VPN
TYPE DESCRIPTION
One-to-One For VPN connections to the same remote VPN device, the VSG maps each private
LAN IP address to one public WAN IP address.
One-to-Many For VPN connections to different remote VPN devices, the VSG maps multiple private
LAN IP address to one public WAN IP address.
2. All public IP address discussed are for examples only.
Table 13 NAT Example: One-to-One
SUBSCRIBER ORIGINAL SOURCE IP TRANSLATED SOURCE IP
S1 10.59.1.2 211.21.21.2
S2 10.59.1.3 221.21.21.3