ZyXEL Communications VSG-1200 ユーザーズマニュアル

VSG-1200 User’s Guide

Chapter 5 NAT Pool

67

In order to allow subscribers to establish multiple VPN connections to a remote VPN device 
with single-connection-per-source limitation, set the VSG to perform NAT on the WAN. You 
need to configure the NAT address pool for use with VPN connections on the WAN port. The 
VSG automatically maps one/more private IP addresses to one/more public IP addresses for 
VPN packets. The following table describes the NAT mapping types on the WAN for VPN 
packets. 

The following sections describe some NAT address mapping examples for VPN connections. 

The figure below shows an example where the two subscribers S1 and S2 tries to establish 
secure VPN connections to the same VPN server V1 at the same time. For example, the VSG 
is using a public IP address of 211.21.21.1

2

. In this case, the VSG performs One-to-One IP 

address translation on the WAN. 

Figure 24   NAT Example: One-to-One  

The following table shows the address mapping.   

Table 12   WAN NAT Mapping Types for VPN

One-to-One

For VPN connections to the same remote VPN device, the VSG maps each private 

LAN IP address to one public WAN IP address. 

One-to-Many

For VPN connections to different remote VPN devices, the VSG maps multiple private 

LAN IP address to one public WAN IP address. 

2.

All public IP address discussed are for examples only. 

Table 13   NAT Example: One-to-One

S1

10.59.1.2

211.21.21.2

S2

10.59.1.3

221.21.21.3