Policy based NAT on VPN

Unanswered Question
Jul 9th, 2010


I have a query on Policy NAT for VPN:

I am doing hide NATting of a few servers against one public IP and have configured the tunnel with that IP as our encryption domain IP. As the servers are hide NATted against the IP, no traffic is allowed from outside.

Now I have another requirement: some of the clients want access to the same servers over the VPN from their end. So first of all, is it possible? Can it be achieved through Policy NAT? If yes, any such example would be a great help.



Jennifer Halim Sat, 07/10/2010 - 01:35

Unfortunately, policy NAT only works in one direction, since it is dynamically NATing multiple servers to 1 public IP address; the reverse direction is not supported.

For client access to servers, you would need to configure 1:1 static NAT, or 1:1 static port address redirection.

Hope that answers your question.

winpwnkmr Sat, 07/10/2010 - 01:49

So that means the same servers can be hide NAT for some clients as well as static NAT for some of the clients through Policy NAT over the VPN. Please suggest.



Jennifer Halim Sat, 07/10/2010 - 02:10

No, you would need to change your policy NAT to static NAT. You can't configure both at the same time.
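
The direction limit described in the replies above, as an added example that is not part of the thread and is not device configuration: a toy translation-table model showing why a many-to-one hide NAT has nothing to match a client-initiated connection against, while a 1:1 static NAT or a static port redirection does. The class names and all addresses (documentation ranges) are constructed for illustration.

```python
# Toy NAT model (constructed; addresses are documentation ranges, not from the thread).
import itertools

PUBLIC_IP = "203.0.113.10"

class HideNat:
    """Many-to-one dynamic PAT: a mapping exists only after an inside host sends traffic."""
    def __init__(self, public_ip):
        self.public_ip = public_ip
        self._ports = itertools.count(1024)
        self.xlate = {}  # (public_ip, public_port) -> (inside_ip, inside_port)

    def outbound(self, inside_ip, inside_port):
        port = next(self._ports)
        self.xlate[(self.public_ip, port)] = (inside_ip, inside_port)
        return self.public_ip, port

    def inbound(self, dst_ip, dst_port):
        # A new connection from outside has no xlate entry, so no server can be chosen.
        return self.xlate.get((dst_ip, dst_port))

class StaticNat:
    """Mappings configured ahead of time, so they resolve for inbound traffic too."""
    def __init__(self):
        self.one_to_one = {}     # public_ip -> inside_ip
        self.port_redirect = {}  # (public_ip, public_port) -> (inside_ip, inside_port)

    def inbound(self, dst_ip, dst_port):
        if (dst_ip, dst_port) in self.port_redirect:
            return self.port_redirect[(dst_ip, dst_port)]
        if dst_ip in self.one_to_one:
            return self.one_to_one[dst_ip], dst_port
        return None

def demo():
    hide = HideNat(PUBLIC_IP)
    src = hide.outbound("10.0.0.11", 40000)   # server-initiated flow creates an entry
    reply_ok = hide.inbound(*src)             # return traffic matches that entry
    new_in = hide.inbound(PUBLIC_IP, 443)     # client-initiated: nothing to match
    static = StaticNat()
    static.one_to_one["203.0.113.11"] = "10.0.0.11"               # 1:1 static NAT
    static.port_redirect[(PUBLIC_IP, 8443)] = ("10.0.0.12", 443)  # static port redirection
    return (reply_ok, new_in,
            static.inbound("203.0.113.11", 443),
            static.inbound(PUBLIC_IP, 8443))

if __name__ == "__main__":
    print(demo())
```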

