ZyXEL Communications VSG-1200 V2 8.2.1 Example 1: One-to-One

VSG-1200 V2 User’s Guide

In order to allow subscribers to establish multiple VPN connections to a remote VPN device with single-connection-per-source limitation, set the VSG to perform NAT on the WAN. You need to configure NAT address pool for use with VPN connections on the WAN port. The VSG automatically maps one/more private IP addresses to one/more public IP addresses for VPN packets. The following table describes the NAT mapping types on the WAN for VPN packets.

Table 12 WAN NAT Mapping Types for VPN

TYPE	DESCRIPTION

One-to-One	For VPN connections to the same remote VPN device, the VSG maps each private
	LAN IP address to one public WAN IP address.
One-to-Many	For VPN connections to different remote VPN devices, the VSG maps multiple private
	LAN IP address to one public WAN IP address.

8.2 NAT Examples

The following sections describe some NAT address mapping examples for VPN connections.

8.2.1 Example 1: One-to-One

The figure below shows an example where the two subscribers S1 and S2 tries to establish secure VPN connections to the same VPN server V1 at the same time. For example, the VSG is using a public IP address of 211.21.21.11. In this case, the VSG performs One-to-One IP address translation on the WAN.

Figure 26 NAT Example: One-to-One

The following table shows the address mapping.

Table 13 NAT Example: One-to-One

SUBSCRIBER	ORIGINAL SOURCE IP	TRANSLATED SOURCE IP

S1	10.59.1.2	211.21.21.2

S2	10.59.1.3	221.21.21.3

1.All public IP address discussed are for examples only.

Chapter 8 NAT Pool

76

Contents

User’s Guide Copyright Disclaimer Trademarks Certifications Federal Communications Commission (FCC) Interference Statement FCC Warning CE Mark Warning: Taiwanese BSMI (Bureau of Standards, Metrology and Inspection) A Warning: Page Safety Warnings Page ZyXEL Limited Warranty Note Registration Customer Support Page Table of Contents Initial Setup Example System LAN and WAN Setup Page Dynamic Subscriber Accounts Port-LocationMapping Customization Page LAN Devices Static Route Syslog Session Trace Miscellanea Page Troubleshooting Appendix A Product Specifications Appendix B Appendix C Appendix F Appendix G Appendix H Page List of Figures Page Page Page Page Page List of Tables Page Page Page Preface About This User's Guide Related Documentation User Guide Feedback Syntax Convention Graphics Icons Key Getting to Know Your VSG Property Management System (PMS) CAS (Central Authentication Service) Credit Card Billing SSL Secure Login PPPoE Support (RFC2516) PPTP Support Reset Button Plug-and-PlayInternet Access Port Forwarding Local Subscriber Database Accounting Local Content and Advertising Links Access Control (Walled Garden) E-mailForwarding Subscriber Login Page Customization Dual-functionConsole Port Web Configurator Management System Maintenance 1.3.2 Internet Access in Public Areas 1.3.3 Hotel Application with PMS Page Hardware Installation and Connection 2.2.1 Front Panel 2.2.1.1 LAN Port 2.2.1.2 WAN Port 2.2.1.3 Console Port 2.2.1.4 PMS Port 2.2.1.5 Reset Button 2.2.2 Front Panel LEDs 2.2.3 Rear Panel 2.2.4 Turning on the VSG PWR The Web Configurator Configuration Menu 3.3.1 The Navigation Panel 3.3.2 Screen Specific Links 3.4.1 Saving Configuration Changes Success back Restart Main Menu System Tools System Account RESET In the Main Menu screen, click System Tools, Restart and click Apply Logout Page Initial Setup Example System Setting > WAN/LAN 4Select Get automatically from a DHCP server in the WAN Port Mode field 1Click System Setting > Billing to display the Billing Profile screen 2Change the Currency and Number of decimal places fields if required Edit 4The Billing Profile Setting Name Description hour Charge field 1Click System Setting > Accounting and click the Create Static Account Prefix From Random Password Length Welcome Enter Information Window Page System Page Page Page LAN and WAN Setup 6.3.2 Private IP Addresses 6.3.3 DNS Server Address System Settings WAN/LAN WAN Port Mode 6.5.1 WAN MAC Address WAN/LAN 6.5.2 WAN Port Mode: Dynamic/Fixed IP Address 6.5.3 WAN Port Mode: PPPoE Page 6.5.4 WAN Port Mode: PPTP Page Page Page Server Page Page Page NAT Pool 8.1.2 What NAT Does 8.1.3 How NAT Works 8.1.4 VPN and NAT 8.2.1 Example 1: One-to-One 8.2.2 Example 2: Many-to-One 8.2.3 Example 3: One-to-Oneand Many-to-One NAT Pool Page Authentication 9.1.4.1 RADIUS Accounting 9.1.4.2 Vendor Specific Attribute Page the Billing and Accounting screens 9.2.1 Scenario Options Built-in Items Check Page Page Billing 10.1.2 Configuring a Billing Profile Page 10.2.1 Port-LocationMapping Based on Room Based on Subscriber 10.2.2 PMS Configuration PMS Configuration Page Page Static Subscriber Accounts Page 11.3.1 Generating Static Accounts Automatically Generate a batch of static accounts Create Static Subscriber Account 11.3.2 Creating Static Subscriber Accounts Manually Manually Add Static Subscriber Accounts Create Static Account 11.4.1 Backing Up a Static Account List File Download Save Save As 11.4.2 Restoring a Static Account List File Path Browse Static Account Operator 11.5.1 Static Account Information Print Preview Print Page Page Dynamic Subscriber Accounts Page 12.3.1 Dynamic Account Generation Using the Web Configurator 12.3.2 Dynamic Account Generation Using a Statement Printer Console Type Dynamic Account Operator Panel Dynamic Account List 12.4.1 Backing Up the Dynamic Account List 2Click Dynamic Account List (refer to Figure 57 on page 108) Page Page Port-LocationMapping Page Page Page Credit Card Advanced Setting Page Page Customization 15.2.1 Standard Login Screen In the Login Screen Configuration screen, select Standard 15.2.2 Redirect Login Screen In the Login Screen Configuration screen, select Redirect 15.2.3 Advanced Login Screen 15.2.4 Framed Login Screen 15.2.5 Login Service Selection Page Built-in Authentication Authentication Configuration RADIUS Server RADIUS Server Page Account Printout Page Page Page User Agreement Page Page Credit Card Customization 15.6.1 Standard Login Page Credit Card Message Preview of Standard Login Page 15.6.2 Service Selection Page Page Page 15.6.3 Successful Page Page 15.6.4 Fail Page Fail Page Output Bill Customization Output Bill Page Bandwidth Management 16.2.1 Equal Bandwidth Setup Equal bandwidth for all subscribers 16.2.2 Class of Service Bandwidth Setup Class of service based on RADIUS or Billing profile settings Page Portal Page, Advertisement Link and Walled Garden Advertisement Walled Garden Page Passthrough Page 18.2.1 Destination URL and IP Address Passthrough Page Filter Page Privilege User 20.1.1 Accessing Session List As a Privilege User LAN Devices Figure 105 LAN Devices 21.2.1 LAN Device Management Example 21.2.2Specifying an Inside Server Example LAN Device Management Static Route Page Page Page Private LAN Figure 113 Private LAN Syslog 24.1.2 Log Settings Log Settings Page Page Page Page Session Trace 25.1.2 Session Trace Filename Convention SNMP 26.1.1Network Management System (NMS) SNMP Table 59 SNMP Page Miscellanea Page System Status Page Current User List Current User List DHCP DHCP Clients Page System Status NAT Pool Table LAN Devices Status LAN Devices 28.7.1 Accessing the LAN Device LAN Device Status Billing Log 28.8.1 Billing Logs Backup Save this file to disk PMS Transaction Page Page Configuration Page 29.2.1Configuration Backup Using TFTP Text File Name Restore 29.3.1Restore Configuration Using TFTP Page Keep subscriber profile Keep port-location mapping profile Firmware Local PC File Path 30.2.1Manual Firmware Upgrade via a TFTP Server Binary File Name Page Page SSL Certificate Servers SSL Security Web Server Enable SSL Login Security Security Alert View Certificate Certificate Install Certificate Certificate Import Wizard Finish Root Certificate Store Yes Page Page Using The SMT Page Page 32.4.1 The Navigation Keys WAN Type 32.6.1 WAN Type: Static/Dynamic 32.6.2 WAN Type: PPPoE 32.6.3 WAN Type: PPTP Page LAN Configuration Page System Utilities Utilities Menu 32.9.1 Firmware Upgrade 32.9.2Changing the Administrator Login Password Utilities Change Administrator Password Enter the old password Enter the new password Page Page Page Troubleshooting 33.1.3 The WAN Port LEDs Page Page Appendix A Product Specifications Page Appendix B IP Address Assignment Conflicts Page Page Page Appendix C Subscriber Login Page Appendix D Vendor Specific Attributes BW-Down BW-Up Page Page Appendix E Report Printing Using the SP-200 Page Page Page Page Page Appendix F Cable Types and Cable Pin Assignments Page Page Page Appendix G Setting up Your Computer’s IP Address Installing Components Add Adapter Protocol Microsoft Client for Microsoft Networks Configuring Properties Obtain an IP address automatically Specify an IP address New gateway field TCP/IP Properties Verifying Settings Run IP Configuration Network Connections Network and Dial-up Connections 3Right-click Local Area Connection and then click Properties Internet Protocol (TCP/IP) General Use the following IP Address IP address Subnet mask Default gateway IP Settin Use the following DNS server addresses Preferred DNS server Alternate DNS server 8Click OK to close the Internet Protocol (TCP/IP) Properties window 9Click OK to close the Local Area Connection Properties window 2Select Ethernet built-in from the Connect via list Using DHCP Server Configure: Configure Manually Router address 5Close the TCP/IP Control Panel System Preferences Apply Now Page IP Addresses and Subnetting IP Address Classes and Network ID Page Page Page Table 108 Subnet Table 109 Subnet Table 110 Subnet Page Page Index