NAT translation for local network over global VPN

fischnet

Usually when we configure a VPN it is pretty basic for our users. If we have IP overlap we will translate the entire local network. For example if network is 192.168.0.0 we translate it to 192.168.129.0 and everything lines up and works without a hitch. We have a company that is out of India that is requiring a Global VPN and I need to set specific NAT policies for local IP addresses. My local addresses are 192.168.0.55 and 192.168.0.56 which need to be translated to 192.168.129.15 and 192.168.126.16. What is the easiest way to achieve this? Do I need to tie each specific IP to the Translated IP? If so How do I go about that and do I need to put them in a group to add to each VPN location?

shiprasahu93

Hello @fischnet,

The NAT policy affects all GVC users. So, if you are trying to do this for a specific VPN user, I would suggest to bind the MAC address of the GVC adapter with an IP from the DHCP pool for GVC.

Once that is done, you can create specific NAT policies that only affects that user:

For Eg: GVC IP: 10.10.100.10. So this is how the NAT policy should look.

Original Source: 10.10.100.10

Translated Source: Original

Original Destination: 192.168.129.15

Translated Destination: 192.168.0.55

Original Service: Any

Translated Service: Original

Inbound interface: (WAN interface with which GVC connection would be made. Eg: X1)

Outbound Interface: Any

Create another such rule for 192.168.129.16 and 192.168.0.56.

Please make sure to add 192.168.129.15 and 192.168.129.16 to the VPN access for that username too.

If you would like to perform this for all GVC clients, you can change the original source to the entire GVC pool and have those addresses added to the VPN access for all GVC users or the user group if created.

I hope that helps.

Thanks!