Knowledge Base

Reset Search



How to configure 1:1 NAT over IPSec VPN (VTI)

« Go Back


TitleHow to configure 1:1 NAT over IPSec VPN (VTI)
  • Configure 1:1 NAT over IPSec VTI VPN
  • How to get one or more static IP addresses to be available across a Virtual Tunnel Interface using IPsec.
  • IPSec VPN (VTI)
  • NCOS 6.5.2
  1. Log into the router's NCOS page.
  2. Configure IPSec VPN according to the VTI Knowledge Base Article 
  3. Configure 1:1 NAT rule
    1. Navigate to Security > Zone Firewall > NAT
    2. Under the "NAT" section, click "Add"
  4. Configure the NAT settings:
    1. Bound Interfaces/Zone - select the previously-created VTI zone from the drop-down menu
    2. Original Destination IP - IP address of the VTI interface
    3. NAT To Network: IP address of the internal host 
    4. Check the box for "Add Proxy ARP Routes."
    5. Click "Save"
Additional Information
  • For general information about configuring 1:1 NAT, see our Knowledge Base article - NCOS: 1 to 1 NAT
  • Proxy ARP is not configurable on the VTI interface. 1:1 NAT can only be done using the IP address on the VTI interface



Was this article helpful?



Please tell us how we can make this article more useful.

Characters Remaining: 255