Knowledge Base

 
Reset Search
 

 

Article

How to configure 1:1 NAT over IPSec VPN (VTI)

« Go Back

Information

 
TitleHow to configure 1:1 NAT over IPSec VPN (VTI)
Objective
  • Configure 1:1 NAT over IPSec VTI VPN
  • How to get one or more static IP addresses to be available across a Virtual Tunnel Interface using IPsec.
Environment
  • IPSec VPN (VTI)
  • NCOS 6.5.2
Procedure
  1. Log into the router's NCOS page.
  2. Configure IPSec VPN according to the VTI Knowledge Base Article 
  3. Configure 1:1 NAT rule
    1. Navigate to Security > Zone Firewall > NAT
    2. Under the "NAT" section, click "Add"
  4. Configure the NAT settings:
    1. Bound Interfaces/Zone - select the previously-created VTI zone from the drop-down menu
    2. Original Destination IP - IP address of the VTI interface
    3. NAT To Network: IP address of the internal host 
    4. Check the box for "Add Proxy ARP Routes."
    5. Click "Save"
Additional Information
  • For general information about configuring 1:1 NAT, see our Knowledge Base article - NCOS: 1 to 1 NAT
  • Proxy ARP is not configurable on the VTI interface. 1:1 NAT can only be done using the IP address on the VTI interface

Feedback

 

Was this article helpful?


   

Feedback

Please tell us how we can make this article more useful.

Characters Remaining: 255