No-Nat Mode; Nat Mode - Nokia IP40 User Manual

13
Working with VPNs
To access a resource that is protected by a VPN in NAT mode, you must contact the hiding
(Internet) address of the VPN gateway. Your request is then forwarded to the correct computer in
the protected network according to the defined security rules.
To access a resource that is protected by a VPN in No-NAT mode, you must contact the IP
address of the final computer in the destination network that you want to reach.
Note
You can establish VPN tunnels between a combination of NAT and No-NAT devices. This
possibility is not discussed in this guide.

No-NAT Mode

Use no-NAT mode in site-to-site VPNs, where bi-directional initiation of traffic within a VPN is
required between hosts with routable IP addresses.
Note
You can only use No-NAT mode with IP40 Satellite X.
The Figure below shows a site-to-site VPN in No-NAT mode. Both VPN peers are considered
site-to-site VPN gateways, and traffic is directly established from the source host to the
destination host. In this example, hosts on either network can initiate traffic to hosts on the peer
network. Both Network 1 and Network 2 are using routable IP addresses.
Figure 7 No-NAT Mode

NAT Mode

NAT mode should be used in site-to-site VPNs, where bi-directional initiation of traffic between
networks using private IP addresses is required.
The Figure below shows two instances of a site-to-site VPN gateways in NAT mode.
146
IP40 Satellite
Routable IP
Network-1
FW-1/ VPN-1
Internet
Initiate VPN Tunnels
Routable IP
Network-2
00408
Nokia IP40 User Guide