Translate VPN client IP addresses using NAT Pool

The NAT pool defines a range of IP addresses that the firewall can use to translate the source address of connections from VPN clients.

The NAT pool translates the addresses in the same way as NAT rules do. Connections that use the NAT Pool must not match any NAT rules.
Note: Make sure that NAT is enabled for this VPN. The Apply NAT to traffic that uses this VPN option in the properties of the VPN element must be selected. Otherwise, the NAT pool options have no effect.


Steps

  1. Right-click the firewall element, then select Edit <element type>.
  2. Browse to VPN > Advanced.
  3. Select the Translate IP Addresses Using NAT Pool option.
    Note: If the NAT Pool is active, it is also used for translating connections from VPN clients that have a virtual IP address. It is not possible to exclude hosts with a virtual IP address from being subject to the NAT Pool address translation.
  4. In the IP Address Range and Port Range fields, enter the IP addresses and ports you want to use for translating VPN client traffic.
    CAUTION:
    Make sure the addresses that you define here do not overlap with addresses that are in use in your networks. Also, the addresses must not overlap with any translated address space in your NAT rules.
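
The overlap check that the caution in step 4 asks for can be run before you enter the range. The following is an added example, not part of the product or its documentation. The function names are hypothetical, and all addresses are constructed sample values that stand in for your own inventory of in-use networks and NAT rule translated ranges.

```python
import ipaddress

def range_to_networks(first, last):
    """Expand an inclusive first-last IP range into the CIDR blocks that cover it."""
    start, end = ipaddress.ip_address(first), ipaddress.ip_address(last)
    if start.version != end.version or start > end:
        raise ValueError(f"invalid range {first}-{last}")
    return list(ipaddress.summarize_address_range(start, end))

def find_overlaps(pool_first, pool_last, in_use, nat_translated):
    """Return (category, entry) pairs whose address space intersects the pool.

    Entries may be CIDR networks ("10.0.0.0/16") or inclusive ranges
    ("172.16.50.10-172.16.50.20"), matching how a NAT pool range is entered.
    """
    pool = range_to_networks(pool_first, pool_last)
    hits = []
    for category, entries in (("in-use network", in_use),
                              ("NAT rule translated space", nat_translated)):
        for entry in entries:
            if "-" in entry:
                first, last = (part.strip() for part in entry.split("-", 1))
                nets = range_to_networks(first, last)
            else:
                nets = [ipaddress.ip_network(entry, strict=False)]
            # Compare only same-version blocks; IPv4 and IPv6 never overlap.
            if any(p.version == n.version and p.overlaps(n)
                   for p in pool for n in nets):
                hits.append((category, entry))
    return hits

# Constructed sample inventory (assumption: replace with your own address plan).
IN_USE = ["10.0.0.0/16", "192.168.10.0/24"]
NAT_TRANSLATED = ["172.16.50.10-172.16.50.20", "198.51.100.0/28"]

if __name__ == "__main__":
    candidates = (("172.16.50.15", "172.16.50.40"),   # collides with a NAT rule
                  ("172.16.60.1", "172.16.60.50"))    # free address space
    for first, last in candidates:
        hits = find_overlaps(first, last, IN_USE, NAT_TRANSLATED)
        print(f"{first}-{last}:", hits or "no overlap")
```

An empty result means the candidate range is clear of both lists; any returned pair names the network or NAT rule range that the pool would collide with.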

Engine Editor > VPN > Advanced

Use this branch to change advanced VPN settings.

| Option | Definition |
|---|---|
| Gateway Settings | The Gateway Settings element that defines performance-related VPN options. |
| Gateway Profile | The Gateway Profile in use. |
| Translate IP Addresses Using NAT Pool | When selected, the specified IP address range and port range are used for translating IP addresses of incoming Forcepoint VPN Client connections to internal networks. Enter the ranges in the IP Address Range and Port Range fields. Note: This option is an alternative to using virtual IP addresses for VPN Clients. |