UAG5100 User’s Guide
192
C
H A P T E R
1 6
VPN 1-1 Mapping
16.1 VPN 1-1 Mapping Overview
VPN 1-1 mapping allows an authenticated user in your network to access the Internet or an
external server using a public IP address different from the one used by the UAG’s WAN interface.
With VPN 1-1 mapping, each user that logs into the UAG and matches a pre-configured mapping
rule can obtain an individual public IP address. This helps especially when multiple users need to
access different remote servers through separate VPN tunnels via the UAG. Each user can use a
unique public IP address to transmit traffic through a separate VPN tunnel. The VPN connection will
not be disconnected due to response packets with the same source IP address coming from remote
servers in different VPN tunnels.
For example, users A and B are behind the UAG and both want to use a unique WAN IP address to
access a public server through the UAG’s WAN1 interface. After the user is authenticated by the
UAG and meets the criteria in a VPN 1-1 mapping rule, the UAG applies the rule settings and
assigns a public IP address to the user. Outgoing traffic from user A will then be sent through the
WAN1 interface using the mapped public IP address 10.10.1.35. Outgoing traffic from user B will be
sent through the WAN1 interface using the mapped public IP address 10.10.1.36.
Figure 119
VPN 1-1 Mapping Example
16.1.1 What You Can Do in this Chapter
• Use the VPN 1-1 Mapping screens (see
) to enable and configure VPN
1-1 mapping to assign a public IP address to each of users that match the rules.
• Use the VPN 1-1 Mapping > Profile screen (see
) to configure a pool
profile which defines the public IP address(es) that the UAG assigns to the matched users and
the interface through which the user’s traffic is forwarded.
10.10.1.35
10.10.1.36