Translate VPN client IP addresses using NAT Pool

The NAT pool defines a range of IP addresses that the firewall can use to translate the source address of connections from VPN clients.

The NAT pool translates the addresses in the same way as NAT rules do. Connections that use the NAT Pool must not match any NAT rules.
Note: Make sure that NAT is enabled for this VPN. The Enable NAT with this VPN option in the properties of the VPN element must be selected. Otherwise, the NAT pool options have no effect.

  For more details about the product and how to configure features, click Help or press F1.

Steps

  1. Right-click the firewall element, then select Edit <element type>.
  2. In the navigation pane on the left, select VPN > Advanced.
  3. Select the Translate IP Addresses Using NAT Pool option.
    Note: If the NAT Pool is active, it is also used for translating connections from VPN clients that have a virtual IP address. It is not possible to exclude hosts with a virtual IP address from being subject to the NAT Pool address translation.
  4. In the IP Address Range and Port Range fields, enter the IP addresses and ports you want to use for translating VPN client traffic.
    CAUTION:
    Make sure the addresses that you define here do not overlap with addresses that are in use in your networks. Also, the addresses must not overlap with any translated address space in your NAT rules.

Engine Editor – VPN – Advanced

Use this branch to change advanced VPN settings.

Option Definition
Gateway Settings The Gateway Settings element that defines performance-related VPN options.
TCP Tunneling Port Port used for tunneling Stonesoft VPN Client connections inside TCP connections to bypass intermediary traffic filters and NAT devices.
Translate IP Addresses Using NAT Pool When selected, the specified IP address range and port range are used for translating IP addresses of incoming Stonesoft VPN Client connections to internal networks.
IP Address Range IP address range for translating IP addresses of incoming Stonesoft VPN Client connections to internal networks.
Port Range Port range for translating IP addresses of incoming Stonesoft VPN Client connections to internal networks.