[Figure callouts: 1 Security Policy; 2 Policy Route; 3 VPN 1-1 Mapping]
If you set a policy route for the same user or user group as a VPN 1-1 mapping rule, the UAG checks
the policy routing rules first and, if one matches, forwards the traffic to the specified next-hop.
Make sure no security policy blocks the traffic from the matched user or user group.
To make the example in Figure 146 on page 226 work, make sure you have the following settings.
For traffic between lan1 or lan2 and wan1:
• A security policy from LAN1/LAN2 to WAN (default) that allows any traffic from user A/B from
lan1 or lan2 to wan1. Responses to this request are allowed automatically.
• A VPN 1-1 mapping rule that forwards any traffic from user A/B through the wan1 interface
using a unique public IP address.
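The precedence described above can be checked offline against a rule inventory. The following is an added example, not part of the User's Guide or of Zyxel's software: the data model, the first-match evaluation of security policies, and the sample users, zones and addresses are all assumptions constructed for illustration.

```python
from dataclasses import dataclass

@dataclass
class PolicyRoute:
    user: str        # user or user-group name, or "any"
    next_hop: str

@dataclass
class Vpn11Rule:
    user: str
    public_ip: str

@dataclass
class SecurityPolicy:
    src_zone: str
    dst_zone: str
    user: str
    action: str      # "allow" or "deny"

def _same(rule_user, user):
    return rule_user in ("any", user)

def audit(vpn_rules, routes, policies, src_zone="LAN1", dst_zone="WAN"):
    """Return {user: [findings]} for each VPN 1-1 mapping rule."""
    report = {}
    for rule in vpn_rules:
        findings = []
        # Policy routes are checked before VPN 1-1 mapping rules.
        hit = next((r for r in routes if _same(r.user, rule.user)), None)
        if hit:
            findings.append(f"shadowed by policy route to {hit.next_hop}")
        # Assumption: the first matching security policy decides.
        for p in policies:
            if (p.src_zone, p.dst_zone) == (src_zone, dst_zone) and _same(p.user, rule.user):
                if p.action == "deny":
                    findings.append("blocked by security policy")
                break
        else:
            findings.append("no security policy matches")
        report[rule.user] = findings
    return report

# Constructed sample rule set (not exported from a real UAG).
VPN_RULES = [Vpn11Rule("A", "203.0.113.11"), Vpn11Rule("B", "203.0.113.12"),
             Vpn11Rule("C", "203.0.113.13")]
ROUTES = [PolicyRoute("B", "192.0.2.254")]
POLICIES = [SecurityPolicy("LAN1", "WAN", "C", "deny"),
            SecurityPolicy("LAN1", "WAN", "any", "allow")]

if __name__ == "__main__":
    for user, findings in audit(VPN_RULES, ROUTES, POLICIES).items():
        print(user, findings or ["ok"])
```

An empty findings list means the user's traffic reaches the VPN 1-1 mapping rule; any other result points at the policy route or security policy to review.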
15.2 The VPN 1-1 Mapping General Screen
The VPN 1-1 Mapping summary screen provides a summary of all VPN 1-1 mapping rules and
their configuration. In addition, this screen allows you to create new VPN 1-1 mapping rules and
edit and delete existing VPN 1-1 mapping rules. To access this screen, log in to the Web Configurator
and click Configuration > Network > VPN 1-1 Mapping. The following screen appears,
providing a summary of the existing VPN 1-1 mapping rules.
Figure 147 Configuration > Network > VPN 1-1 Mapping
The following table describes the labels in this screen.
Table 98 Configuration > Network > VPN 1-1 Mapping
LABEL                     DESCRIPTION
Enable VPN 1-1 Mapping    Select this option to enable VPN 1-1 mapping on the UAG.
Add                       Click this to create a new entry.

Chapter 15 VPN 1-1 Mapping
UAG Series User's Guide
227