1:1 Network NAT

With 1:1 NAT you can Map a whole network IP-range into another. This can be handy if you want to maintain a common local ip range like 192.168.1.0/24 but also have the possibilty to connect to each device with a “global valid” IP from the outside. All devices are remotely connected via the back-end network 172.31.0.0/24.

Common Example: Vehicles have installed ticketmachines, videocameras and other devices. Each vehicle has the same local network (192.168.1.1/24). E.g. a local connected technican wants to connect

• to the ticketmachine via 192.168.1.10,
• to the videocamera via 192.168.1.11
• and all other devices via 192.168.1.XX.

In addition you wan't have a remote connection to each device in each vehicle individually.

Vehicle 1 - 172.31.0.10:

• to the ticketmachine via 10.8.1.10
• to the videocamera via 10.8.1.11
• and all other devices via via 10.8.1.XX

Vehicle 2 - IP 172.31.0.11:

• to the ticketmachine via 10.8.2.10
• to the videocamera via 10.8.2.11
• and all other devices via via 10.8.2.XX

Vehicle NN - IP 172.31.0.YY:

• to the ticketmachine via 10.8.NN.10
• to the videocamera via 10.8.NN.11
• and all other devices via via 10.8.NN.XX

To avoid creating 3 or even more NAPT rules you can use the network based rules and do this with only 2 Rules.

10.8.1.0/24 → 172.31.0.10 10.8.2.0/24 → 172.31.0.11 10.8.NN.0/24 → 172.31.0.NN

Vehicle 1:

• Inbound: Map 10.8.1.0/24 to 192.168.1.0/24
• Outbount: Map 192.168.1.0/24 to 10.8.1.0/24

Vehicle 2:

• Inbound: Map 10.8.2.0/24 to 192.168.1.0/24
• Outbount: Map 192.168.1.0/24 to 10.8.2.0/24

Vehicle NN:

• Inbound: Map 10.8.NN.0/24 to 192.168.1.0/24
• Outbount: Map 192.168.1.0/24 to 10.8.NN.0/24

To Configure this scenario all you need are two rules per router - Veihcle 1

• Inbound NAT Rule

• Outbound NAT Rule