15.3 VPN using IPSec Protocol
IPSec server in local network
An IPSec server on a host in the local network or on the WinRoute host must be mapped from the Internet. In this case, traffic between Internet clients and the WinRoute host must be permitted by a traffic rule and mapping to a corresponding host in the local network must be set.
Warning: Only a single IPSec server can be mapped from the public IP address of the firewall. For mapping of multiple IPSec servers, the firewall must use multiple public IP addresses.
Example: We want to set that two IPSec servers will be available from the Internet — one on the WinRoute host and another on a host with the IP address 192.168.100.100. The firewall interface connected to the Internet uses IP addresses 60.80.100.120 and 60.80.100.121.