Chapter 30 IPSec VPN
UAG5100 User’s Guide
• Destination - the original destination address; the remote network (B).
• SNAT - the translated source address; the local network (A).
Source Address in Inbound Packets (Inbound Traffic, Source NAT)
You can set up this translation if you want to change the source address of computers in the remote
network. To set up this NAT, you have to specify the following information:
• Source - the original source address; the remote network (B).
• Destination - the original destination address; the local network (A).
• SNAT - the translated source address; a different IP address (range of addresses) to hide the
original source address.
Destination Address in Inbound Packets (Inbound Traffic, Destination NAT)
You can set up this translation if you want the UAG to forward some packets from the remote
network to a specific computer in the local network. For example, in
, you
can configure this kind of translation if you want to forward mail from the remote network to the
mail server in the local network (A).
You have to specify one or more rules when you set up this kind of NAT. The UAG checks these rules
in a way similar to how it checks firewall rules. The first part of each rule defines the conditions
under which the rule applies.
• Original IP - the original destination address; the remote network (B).
• Protocol - the protocol [TCP, UDP, or both] used by the service requesting the connection.
• Original Port - the original destination port or range of destination ports; in
, it might be port 25 for SMTP.
The second part of these rules controls the translation when the condition is satisfied.
• Mapped IP - the translated destination address; in
, the IP address of the
mail server in the local network (A).
• Mapped Port - the translated destination port or range of destination ports.
The original port range and the mapped port range must be the same size.
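The following Python sketch models the two-part destination NAT rule described above. It is an added example, not ZyXEL code or UAG configuration syntax. It assumes first-match evaluation (as with firewall rules) and that a port keeps its offset within the range when it is translated; the class name, function name, and all addresses are constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class DnatRule:
    original_ip: str       # condition: original destination address or CIDR
    protocol: str          # condition: "tcp", "udp" or "both"
    original_ports: tuple  # condition: (first, last), inclusive
    mapped_ip: str         # translation: new destination address
    mapped_ports: tuple    # translation: (first, last), inclusive

    def __post_init__(self):
        o, m = self.original_ports, self.mapped_ports
        if self.protocol not in ("tcp", "udp", "both"):
            raise ValueError("protocol must be tcp, udp or both")
        if o[0] > o[1] or m[0] > m[1]:
            raise ValueError("port range start exceeds end")
        # The guide's constraint: both ranges must be the same size.
        if o[1] - o[0] != m[1] - m[0]:
            raise ValueError("original and mapped port ranges differ in size")

    def matches(self, dst_ip, proto, dst_port):
        in_net = ipaddress.ip_address(dst_ip) in ipaddress.ip_network(self.original_ip)
        return (in_net and self.protocol in (proto, "both")
                and self.original_ports[0] <= dst_port <= self.original_ports[1])

def translate(rules, dst_ip, proto, dst_port):
    """Apply the first matching rule (assumed order-sensitive, like firewall
    rules); return the destination unchanged when no rule matches."""
    for rule in rules:
        if rule.matches(dst_ip, proto, dst_port):
            offset = dst_port - rule.original_ports[0]
            return rule.mapped_ip, rule.mapped_ports[0] + offset
    return dst_ip, dst_port

# Constructed sample rules: SMTP to a mail server, plus a ten-port range.
RULES = [
    DnatRule("192.0.2.10", "tcp", (25, 25), "10.0.0.25", (25, 25)),
    DnatRule("192.0.2.10", "both", (8000, 8009), "10.0.0.80", (9000, 9009)),
]

if __name__ == "__main__":
    print(translate(RULES, "192.0.2.10", "tcp", 25))
    print(translate(RULES, "192.0.2.10", "udp", 8003))
```

Rejecting mismatched range sizes when the rule is created means a packet can never match a rule that has no mapped port for it.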
IPSec VPN Example
Here is an example of configuring a site-to-site IPSec VPN.