Question

I have a very simple setup but I cannot get it to work. I have established a IPSEC VPN tunnel between my RUT955 and our office Draytek router. The LAN on the draytek is 172.16.1.1. The LAN on the RUT is 192.168.1.254. The tunnel is configured between these IP's

I have 1 device connected to the RUT using IP 192.168.1.1. This device needs to be NATed to a fixed IP in the range of 172.16.1.x. The tunnel works, I can reach the device and the device can reach the Draytek router, but I cannot get the NAT part to work. I have already spent a lot of hours reading this forum and wiki's but now I am lost.

Answer 1

Hello,

  

Perhaps this article is what you are looking for? Or perhaps NETMAP target could be an answer here?

NAT rules can also be added in the Network → Firewall → NAT Rules section. Since IPsec does not have a virtual tunnel, it would be considered to be in the WAN zone. Make sure to add -m policy --dir in --pol ipsec in the extra arguments field to apply this policy only to the IPsec traffic.

Let me know if neither of these options are suitable for you. 

  

Best regards,
DaumantasG

Comments

Thanks for your answer. I followed (again) the manuals you are referring to. But I cannot get it to work. Also, were can I add the extra arguments?

This is the topology of what I am trying to create:

The IPsec tunnel is up and can be used, so I left the public IP adresses out. Client 2 needs to be NATed to have an IP adress in the client 1 range. Coul you supply a more detailed answer to get this working?