Balance 380 - Static NAT for subnets?


#1

Hi guys, I have done Google searches, KB searches, and read through the user guide and I can’t figure out how to do this… Basically, I want to NAT one subnet to another subnet for use in a site-to-site VPN.

Any traffic coming from the local network of 192.168.1.0/24, destined for the remote network of 192.168.5.0/24, should utilize the source NAT pool of 192.168.5.0/24.

So basically, if a server with an IP of 192.168.1.50 goes outbound, the firewall on the other side of the IPsec VPN sees the address as 192.168.5.50 instead.

Is there a way to do this that I’m just missing? I’m on firmware 5.4.9 build 2573. I’m a newbie with Peplinks, so any assistance would be helpful!


#2

The current firmware allows you to achieve this in one direction with SpeedFusion. NAT mode can be used for SpeedFusion, in which the remote VPN is assigned an IP address from the local Balance. If this works for you, it will require a firmware upgrade for your Balance 380, and Peplink provides free firmware upgrades.


#3

The device on the other side of the VPN is not a Peplink, I thought they both needed to be Peplinks for SpeedFusion.

Also, the local IP addresses on both sides of the VPN are the same subnet - I thought that was why we needed to NAT them. (Basically, we are moving our current servers out of the office to a remote datacenter, and trying to figure out how to connect the Peplink we have in the office to the Juniper firewall in the datacenter without putting new IP addresses on all the servers, which will break the applications on those servers, as they are tied to IP addresses.)

I could do this with the 1-to-1 NAT Mapping that the Peplink provides… but I don’t want to enter 50 static 1-to-1 NATs, I’d like to enter just a subnet for translation. For example: http://www.juniper.net/documentation/en_US/junos12.1/topics/example/nat-security-static-subnet-translation-configuring.html
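
The subnet-to-subnet translation asked for in posts #1 and #3, as an added example that is not part of the thread and is not Peplink or Juniper configuration. It assumes a stateless 1:1 mapping that swaps the network prefix and keeps the host bits (192.168.1.50 becomes 192.168.5.50); the class and method names are hypothetical.

```python
import ipaddress


class SubnetNat:
    """Stateless 1:1 subnet NAT: swap the network prefix, keep the host bits."""

    def __init__(self, inside, outside):
        self.inside = ipaddress.ip_network(inside)
        self.outside = ipaddress.ip_network(outside)
        if self.inside.version != self.outside.version:
            raise ValueError("address families differ")
        if self.inside.prefixlen != self.outside.prefixlen:
            raise ValueError("1:1 mapping needs equal prefix lengths")
        if self.inside.overlaps(self.outside):
            raise ValueError("inside and outside ranges overlap")

    @staticmethod
    def _swap(addr, src_net, dst_net):
        addr = ipaddress.ip_address(addr)
        if addr.version != src_net.version or addr not in src_net:
            return None  # outside the mapped range: left untranslated
        host_bits = int(addr) & int(src_net.hostmask)
        return ipaddress.ip_address(int(dst_net.network_address) | host_bits)

    def to_outside(self, addr):
        """Source translation for traffic leaving through the tunnel."""
        return self._swap(addr, self.inside, self.outside)

    def to_inside(self, addr):
        """Destination translation for traffic arriving from the tunnel."""
        return self._swap(addr, self.outside, self.inside)

    def one_to_one_entries(self, hosts):
        """Per-host pairs that the single subnet rule replaces."""
        pairs = ((h, self.to_outside(h)) for h in hosts)
        return [(str(h), str(t)) for h, t in pairs if t is not None]


# Subnets taken from the thread; the host list below is constructed.
nat = SubnetNat("192.168.1.0/24", "192.168.5.0/24")

if __name__ == "__main__":
    print(nat.to_outside("192.168.1.50"))
    print(nat.to_inside("192.168.5.50"))
    print(nat.to_outside("10.0.0.7"))
    print(nat.one_to_one_entries(["192.168.1.10", "192.168.1.50"]))
```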


#4

Anyone? At this point it almost seems like this is just functionality Peplink doesn’t offer?


#5

IPsec with a NAT to avoid network conflict is currently a feature request for future firmware revisions.


#6

Thank you for the information.