If you configure both NAT and virtual private network (VPN) functions on an FW, you must configure a NAT policy so that the FW does not perform NAT on data flows that will be encapsulated by the VPN. In the following example, Figure 1 shows the networking for NAT and an Internet Protocol Security (IPSec) VPN.
Figure 1 NAT and IPSec VPN 
As shown in Figure 1, FW_A and FW_B connect networks A and B to the Internet. PCs on the two networks communicate over an IPSec VPN tunnel.
When traffic from networks A and B arrives at the FWs, the FWs apply NAT to all data flows except those to be transmitted over the IPSec VPN tunnel. NAT policies must be configured so that each FW can separate the traffic to be translated from the IPSec VPN traffic.
The NAT policy configuration on FW_B is similar to that on FW_A. The difference is that the source and destination addresses specified in the NAT policy on FW_B are the reverse of those specified on FW_A.
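As an added illustration (not from the original post or any vendor's configuration guide), the following Python model of a first-match NAT policy shows why the no-NAT rule for the IPSec peer network must be matched before the general source-NAT rule, and how FW_B mirrors FW_A with source and destination swapped. All addresses are constructed sample values.

```python
import ipaddress
from dataclasses import dataclass

# Constructed sample addressing for the topology in Figure 1.
NET_A = ipaddress.ip_network("192.168.1.0/24")   # behind FW_A
NET_B = ipaddress.ip_network("192.168.2.0/24")   # behind FW_B
ANY = ipaddress.ip_network("0.0.0.0/0")          # matches any destination
FW_A_PUBLIC = "203.0.113.1"                      # FW_A's Internet-facing address
FW_B_PUBLIC = "198.51.100.1"                     # FW_B's Internet-facing address


@dataclass
class NatRule:
    name: str
    src: ipaddress.IPv4Network
    dst: ipaddress.IPv4Network
    action: str  # "no-nat" keeps the original source; "source-nat" rewrites it


def apply_nat_policy(rules, src_ip, dst_ip, public_ip):
    """Evaluate rules top-down; the first match decides. Returns (rule, source seen on the wire)."""
    s, d = ipaddress.ip_address(src_ip), ipaddress.ip_address(dst_ip)
    for rule in rules:
        if s in rule.src and d in rule.dst:
            if rule.action == "no-nat":
                return (rule.name, src_ip)
            return (rule.name, public_ip)
    return ("default", src_ip)  # no rule matched: traffic is left untranslated


def fw_policy(local, remote):
    """Correct ordering: exempt the VPN-bound flows first, then NAT everything else to the Internet."""
    return [
        NatRule("ipsec_no_nat", local, remote, "no-nat"),
        NatRule("internet_snat", local, ANY, "source-nat"),
    ]


def misordered_policy(local, remote):
    """Same two rules with the general source-NAT rule first: the no-NAT rule is shadowed."""
    return list(reversed(fw_policy(local, remote)))


FW_A_RULES = fw_policy(NET_A, NET_B)
FW_B_RULES = fw_policy(NET_B, NET_A)  # source and destination swapped relative to FW_A
```

With the misordered policy, a packet from network A to network B leaves FW_A with the public address as its source, so it no longer matches the IPSec traffic selector and is sent unencrypted instead of through the tunnel.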
This post was last edited by adeline_mei at 2017-04-25 02:28.