Add ability to NAT with IPsec VPN - Balance 305


#1

As confirmed by Peplink support, it is not currently possible to NAT IPsec traffic on VPN tunnels terminated on a Balance – sometimes also referred to as D-NAT or S-NAT. We must use another device to perform the NAT before routing to the Balance.

It would be a great benefit to add this NAT functionality to the Balance firmware – many site-to-site VPN tunnels interfacing with Juniper/Cisco equipment require all tunnel traffic to originate from a single IP address (aka. “proxy ID”).

Thank you
Aaron


#2

Ref from: https://forum.peplink.com/threads/3476-Add-ability-to-NAT-with-IPsec-VPN-Balance-305


#3

Steve, any further update on this feature request?

We have a need for it with 2 of our VPN counterparties.

Thank you!
-Aaron


#4

Hi Aaron, sorry for the delayed reply. This feature has been added to the queue, but unfortunately there are so many new features coming up, this one is not included in our next firmware release (version 6.2), but this is definitely in our roadmap, please stay tuned.

Anyone else are waiting for this feature as well? Please don’t hesitate to let us know.


#5

Steve,

Hi,

I need that all network traffic be send to the “tune VPN” using a given IP. I would like to know if have some way to do this using PEPLINK 305.

If it’s not possible, can I do this using another equipment or software from PEPLINK?

Thanks


#6

Hi,

Devices at both end of IPSec tunnel will see original IP of each other at the monent. Are you referring to NAT with IPSec also?


#7

Hi

Yes, I want to add ability to NAT with IPsec VPN.

can I do this using another equipment or software from PEPLINK?

Tks


#8

Hi,

You may do this by adding another NAT device behind Peplink. The high level design as below:-

Users —> NAT devices —> B305 --IPSec–> B305 —> Users


#9

Yes we need it too, I want to add ability to NAT with IPsec VPN.

We just ran in to the issue in our Call Center VPN implementation for VoIP where other side has Cisco and they require have NAT on IPsec.


#10

We’re waiting on this as well. Client needs 1-to-1 NAT’ing for devices “inside” an IPSec VPN tunnel. The tunnel establishes fine when adding those IP’s as a IPSec “local network” but I need to be able to NAT my PepVPN IP’s to those assigned IPSec tunnel IP’s. The NAT mapping table would work if it didn’t restrict to WAN interfaces. If it would expose those defined IPSec VPN local networks, we’d be in business.

John


#11

Hello, have should we expect ability to NAT with IPsec VPN any time soon?


#12

This is currently under development, not in any 6.2.x releases though, but very likely it will be available in next major release, please stay tuned :slight_smile: