20 | Release Note |
Figure 5: Using enhanced NAT in an IPsec tunnel with different IPsec and default gateways.
LAN 1 | LAN 2 |
192.168.2.0 subnet | 192.168.1.1 - 192.168.1.100 |
| F |
| I |
| R |
| E |
| Internet |
| NAT |
W | Default | |
A | ||
gateway | ||
L | ||
| ||
L | IPsec tunnel | |
|
Private interface: 192.168.2.100
IPsec
gateway
192.168.1.53
Apparent source host
Standard NAT
To translate the source address of traffic received on the private interface eth0 and destined for addresses in the range
ADD FIREWALL POLICY=zone1 RULE=10 ACTION=NAT NATTYPE=STANDARD
INT=eth0 PROTOCOL=all GBLIP=210.25.4.0
NATMASK=255.255.255.0
To provide a corresponding rule on the public interface eth1 to translate to the private subnet 10.1.2.0, use the command:
ADD FIREWALL POLICY=zone1 RULE=11 ACTION=NAT NATTYPE=STANDARD
INT=eth1 PROTOCOL=all GBLIP=210.25.4.0 IP=10.1.2.0
NATMASK=255.255.255.0
Double NAT
To translate both the source and destination addresses of traffic received on the private interface with a source address of 192.168.0.74 to a destination address of 210.25.7.1 and new source address of 210.25.4.1, use the command:
ADD FIREWALL POLICY=zone1 RULE=50 ACTION=NAT NATTYPE=DOUBLE
INT=eth1 PROTOCOL=all IP=192.168.0.74 GBLIP=210.25.4.1
GBLREMOTEIP=210.25.7.1
Software Release 2.3.1
