Nat examples, Example 1: one-to-one, Example 2: many-to-one – ZyXEL Communications ZyXEL Vantage VSG-1000 User Manual

VSG-1000 Vantage Service Gateway

4-4

System Configuration

pool for use with VPN connections on the WAN port. The VSG automatically maps one/more private IP addresses
to one/more public IP addresses for VPN packets. The following table describes the NAT mapping types on the
WAN for VPN packets.

Table 4-2 WAN NAT Mapping Type For VPN

TYPE DESCRIPTION

One-to-One

For VPN connections to the same remote VPN device, the VSG maps each private LAN IP address
to one public WAN IP address.

One-to-Many

For VPN connections to different remote VPN devices, the VSG maps multiple private LAN IP
address to one public WAN IP address.

4.7.5 NAT

Examples

The following sections describe some NAT address mapping examples for VPN connections.

Example 1: One-to-One

The figure below shows an example where the two subscribers S1 and S2 tries to establish secure VPN connections
to the same VPN server V1 at the same time. For example, the VSG is using a public IP address of 211.21.21.1

1

. In

this case, the VSG performs One-to-One IP address translation on the WAN.

Figure 4-1 NAT Example: One-to-One

The following table shows the address mapping.

Table 4-3 NAT Example: One-to-One

SUBSCRIBER

ORIGINAL SOURCE IP

TRANSLATED SOURCE IP

S1 10.59.1.2

211.21.21.2

S2 10.59.1.3

221.21.21.3

Example 2: Many-to-One

The figure below shows an example where the two subscribers S1 and S2 try to establish a secure VPN connection
to VPN servers V1 and V2 respectively at the same time. In this case, the VSG performs Many-to-One IP address
translation on the WAN since the destination address is different.

Figure 4-2 NAT Example: Many-to-One

The following table shows the address mapping.

1

All public IP address discussed are for examples only.