As confirmed by Peplink support, it is not currently possible to NAT IPsec traffic on VPN tunnels terminated on a Balance – sometimes also referred to as D-NAT or S-NAT. We must use another device to perform the NAT before routing to the Balance.
It would be a great benefit to add this NAT functionality to the Balance firmware – many site-to-site VPN tunnels interfacing with Juniper/Cisco equipment require all tunnel traffic to originate from a single IP address (aka. “proxy ID”).
Hi Aaron, sorry for the delayed reply. This feature has been added to the queue, but unfortunately there are so many new features coming up, this one is not included in our next firmware release (version 6.2), but this is definitely in our roadmap, please stay tuned.
Anyone else are waiting for this feature as well? Please don’t hesitate to let us know.
We’re waiting on this as well. Client needs 1-to-1 NAT’ing for devices “inside” an IPSec VPN tunnel. The tunnel establishes fine when adding those IP’s as a IPSec “local network” but I need to be able to NAT my PepVPN IP’s to those assigned IPSec tunnel IP’s. The NAT mapping table would work if it didn’t restrict to WAN interfaces. If it would expose those defined IPSec VPN local networks, we’d be in business.