V. VPN (Virtual Private Networking)
How to NAT IPsec VPN traffic?
Vigor Routers can present VPN traffic with a chosen IP address thanks to VPN NAT translation capabilities. This allows the remote network to see traffic coming from a single specified IP address. This is needed where the VPN server uses one network for creating an IPsec tunnel, but its firewall policy allows only a specified IP address to access the local network behind it. The diagram below depicts this topology in detail:
where:
- Head Office Local Network IP range is 192.168.188.1/24
- Vigor Router Local Network IP range is 192.168.1.1/24
- Head Office Router only allows traffic from 172.16.2.129
VPN Client Router Setup
1. Go to [VPN and Remote Access] > [LAN to LAN] and open an index to create a VPN profile
2. In the profile's Common settings section enter the following:
- Populate the Profile Name
- Enable this profile
- Select the WAN interface
- Select Dial-Out for Call Direction
- (Optional) Tick Always On
Scroll down to the Dial-Out Settings section:
- Select IPsec Tunnel
- Enter the VPN server's WAN IP or a domain name
- Input the IKE Pre-Shared Key to match the one used on the VPN server
In the last section, TCP/IP Network Settings:
- Enter the IP address expected by your VPN server in My WAN IP (In this example we have used 172.16.2.129)
- Populate Remote Network IP with VPN server’s LAN network
- Select NAT
- Click OK
3. Go to [VPN and Remote Access] > [Connection Management] and click Dial.
VPN Server Expected Results
To demonstrate how it works in practice, here are the results seen on the VPN server with the VPN NAT translation setting disabled, then enabled:
1. Without translating the VPN client's Local Network
The VPN Connection Status shows Virtual Network as the VPN Client’s LAN network. In this example this is 192.168.1.1/24 (whole IP range).
2. With the VPN client's Local Network translated
The VPN Connection Status shows Virtual Network as the VPN Client’s translated IP address. In this example this is 172.16.2.129/32 (single IP address).
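The two results above can be reproduced with a small model of the topology. This is an added example, not DrayTek code: it assumes a generic many-to-one source NAT with port mapping (the router's internal behaviour is not documented on this page), and the LAN host addresses, ports and the `VpnNat`, `head_office_permits` and `send` names are constructed for illustration.

```python
import ipaddress

# Values from the article's example topology.
HEAD_OFFICE_LAN = ipaddress.ip_network("192.168.188.1/24", strict=False)
MY_WAN_IP = ipaddress.ip_address("172.16.2.129")  # only source the head office allows


class VpnNat:
    """Generic many-to-one source NAT applied before traffic enters the tunnel."""

    def __init__(self, translated_ip, first_port=40000):
        self.translated_ip = translated_ip
        self.next_port = first_port
        self.out = {}   # (lan_ip, lan_port) -> translated port
        self.back = {}  # translated port -> (lan_ip, lan_port)

    def outbound(self, src_ip, src_port):
        key = (src_ip, src_port)
        if key not in self.out:
            self.out[key] = self.next_port
            self.back[self.next_port] = key
            self.next_port += 1
        return self.translated_ip, self.out[key]

    def inbound(self, dst_port):
        # Replies are mapped back to the LAN host; unsolicited traffic has no entry.
        return self.back.get(dst_port)


def head_office_permits(src_ip, dst_ip):
    """Head office policy from the article: only 172.16.2.129 may reach its LAN."""
    return src_ip == MY_WAN_IP and dst_ip in HEAD_OFFICE_LAN


def send(src, sport, dst, nat=None):
    """Return (source IP seen by head office, source port, permitted?)."""
    src_ip, dst_ip = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    if nat is not None:
        src_ip, sport = nat.outbound(src_ip, sport)
    return str(src_ip), sport, head_office_permits(src_ip, dst_ip)


if __name__ == "__main__":
    nat = VpnNat(MY_WAN_IP)
    for host in ("192.168.1.10", "192.168.1.20"):  # constructed LAN hosts
        print("routed:", send(host, 51000, "192.168.188.5"))
        print("NAT:   ", send(host, 51000, "192.168.188.5", nat))
```

Because every LAN host arrives as 172.16.2.129, head office logs cannot tell the hosts apart; per-host attribution depends on the translation state held on the client router.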