NETGEAR FVS124G Configuration Manual page 34

Example: The NETGEAR's LAN in this example is the network
192.168.13.0/24 (= 192.168.13.0/255.255.255.0). Choose an arbitrary
private network that is not part of this network, such as 10.22.13.0/24,
and manually assign each user of the VPN a different IP address from
that network to be used as the Local Address in VPN Tracker.
Local Addresses for the More Curious
Why can't I use a Local Address from my NETGEAR's LAN?
It may sound a bit unusual to use IP addresses that are not part of the NETGEAR's LAN. The reason for this is that the
NETGEAR cannot act as a so-called "ARP Proxy" for its VPN clients. Computers on the NETGEAR's LAN therefore must
be "tricked" into sending replies for VPN clients to the NETGEAR by using IPs from outside the local network (for which
replies are sent to the default gateway).
My users connect from different places, from different IPs. Why do I still need to give them different Local
Addresses?
In most cases, the connecting Macs will be behind routers (DSL routers, wireless access points, ...) that perform Network
Address Translation (NAT), meaning they map several
themselves will have such a private IP address for their Ethernet or AirPort interface, and this is the IP address that is
used by VPN Tracker if the Local Address field is empty.
Because of this, the likelihood of two Macs using the same local address is very high: Many NAT routers are by default
configured to use the same private networks (192.168.1.0/24 and 10.0.0.0/24 are popular choices), and therefore there is
a good chance that two clients connecting from entirely different places will have the same local IP address assigned by
private IP addresses onto a single public IP address. The Macs
34
User IP Address
alice 10.22.13.1
bob 10.22.13.2
charlie 10.22.13.3
... 10.22.13._