Network Address Translation

Overview

Network Address Translation (NAT) rewrites the IP addresses in packets so that hosts on an "internal" private range can reach networks they are not directly routable to; in the cloud this usually means a private subnet reaching the public internet through a single public IP. Many public clouds offer managed NAT products, typically priced per instance hour plus per GB of data processed. Running VNS3 as a NAT instance can cut those costs dramatically.

Setup

Using VNS3 as a NAT device takes three steps:

  1. Launch VNS3 with Source/Destination Check disabled (otherwise the cloud drops packets the instance forwards on behalf of other addresses) in a subnet that has a route to the public internet
  2. Add a Source NAT rule (outbound traffic) or a Destination NAT rule (inbound traffic) to the VNS3 firewall
  3. Add a cloud route table entry for the network reachable via VNS3, with the VNS3 instance's network interface as the target. For example, when VNS3 is the NAT gateway to the public internet, add a route for 0.0.0.0/0 whose target is the VNS3 network interface.

Example

Let 10.1.0.0/24 be a network running in the cloud that requires access to the internet. Let VNS3 be launched with a static public IP of 54.32.30.10 and a private IP of 10.1.0.3.

  1. Add a route for 0.0.0.0/0 via the VNS3 instance. In AWS you direct this route to the VNS3 network interface; in Azure you set the Next Hop to the private IP address of VNS3, 10.1.0.3. The route always targets the instance, never the public IP 54.32.30.10, which the cloud holds at its edge rather than on the instance.
  2. Add a VNS3 firewall NAT rule POSTROUTING_CUST -o eth0 -s 10.1.0.0/24 -j SNAT --to 10.1.0.3. This rewrites the source address of packets from 10.1.0.0/24 to the VNS3 address on eth0, 10.1.0.3, and the cloud's own 1:1 NAT then maps 10.1.0.3 to the public IP 54.32.30.10 as the packet leaves. Writing --to 54.32.30.10 does not work in AWS or Azure: the public IP is not configured on eth0, so the cloud edge has no mapping for packets carrying it and replies cannot be matched back to the originating host. -j MASQUERADE has the same effect as --to 10.1.0.3 without hard-coding the address.
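
The following is an added example, not VNS3 code or anything from the VNS3 documentation: a small Python model of the two NAT layers a packet from 10.1.0.0/24 crosses. SourceNat behaves like the stateful SNAT rule above (conntrack entry on the first packet, reverse translation of the reply), and CloudEdgeNat models the 1:1 NAT the cloud performs for the instance's public IP, which only knows the single private address 10.1.0.3. The host 10.1.0.25, the remote 203.0.113.80 and the port numbers are constructed for the example. Running it shows why SNAT must target 10.1.0.3: the same request with --to 54.32.30.10 never leaves the cloud.

```python
from dataclasses import dataclass, replace
from ipaddress import ip_address, ip_network


@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int


class SourceNat:
    """Stateful source NAT, modelled on an iptables rule such as
    POSTROUTING -o eth0 -s <inside_net> -j SNAT --to <snat_addr>."""

    def __init__(self, inside_net: str, snat_addr: str, first_port: int = 40000):
        self.inside = ip_network(inside_net)
        self.snat_addr = snat_addr
        self.next_port = first_port
        self.fwd = {}  # original (src, sport, dst, dport) -> translated source port
        self.rev = {}  # (snat_addr, port, remote ip, remote port) -> original (src, sport)

    def egress(self, pkt: Packet) -> Packet:
        """Outbound packet: rewrite the source if the rule's -s network matches."""
        if ip_address(pkt.src) not in self.inside:
            return pkt  # rule does not match, forward unchanged
        key = (pkt.src, pkt.sport, pkt.dst, pkt.dport)
        if key not in self.fwd:  # first packet of the flow: allocate a conntrack entry
            port = self.next_port
            self.next_port += 1
            self.fwd[key] = port
            self.rev[(self.snat_addr, port, pkt.dst, pkt.dport)] = (pkt.src, pkt.sport)
        return replace(pkt, src=self.snat_addr, sport=self.fwd[key])

    def ingress(self, pkt: Packet):
        """Reply from the remote host: undo the translation, or drop it if no flow matches."""
        orig = self.rev.get((pkt.dst, pkt.dport, pkt.src, pkt.sport))
        if orig is None:
            return None
        return replace(pkt, dst=orig[0], dport=orig[1])


class CloudEdgeNat:
    """The 1:1 NAT the cloud performs for an instance's public IP (AWS internet
    gateway, Azure public IP). It only knows the one private IP the public IP maps to."""

    def __init__(self, private_ip: str, public_ip: str):
        self.private_ip = private_ip
        self.public_ip = public_ip

    def egress(self, pkt: Packet):
        if pkt.src != self.private_ip:
            return None  # no public mapping for this source address: dropped
        return replace(pkt, src=self.public_ip)

    def ingress(self, pkt: Packet):
        if pkt.dst != self.public_ip:
            return None
        return replace(pkt, dst=self.private_ip)


def round_trip(snat_target: str, request: Packet):
    """Carry one request from the private subnet through VNS3 and the cloud edge,
    then carry the remote host's reply back. Returns (packet_on_internet,
    reply_delivered), with None for whichever was dropped."""
    vns3 = SourceNat("10.1.0.0/24", snat_target)          # the SNAT rule on VNS3
    edge = CloudEdgeNat("10.1.0.3", "54.32.30.10")        # the cloud's 1:1 public IP NAT
    on_internet = edge.egress(vns3.egress(request))
    if on_internet is None:
        return None, None
    # Constructed reply from the remote host, addressed to whatever it saw as the source.
    reply = Packet(on_internet.dst, on_internet.dport, on_internet.src, on_internet.sport)
    at_vns3 = edge.ingress(reply)
    delivered = vns3.ingress(at_vns3) if at_vns3 is not None else None
    return on_internet, delivered


if __name__ == "__main__":
    req = Packet("10.1.0.25", 51000, "203.0.113.80", 443)  # constructed request
    print("SNAT --to 10.1.0.3:   ", round_trip("10.1.0.3", req))
    print("SNAT --to 54.32.30.10:", round_trip("54.32.30.10", req))
```

With --to 10.1.0.3 the packet reaches the internet with source 54.32.30.10 and the reply is delivered back to 10.1.0.25:51000; with --to 54.32.30.10 the cloud edge has no mapping for the source and the model drops the packet, which is the behaviour described in step 2 above.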

Typically you run VNS3 in a small public subnet that has an internet gateway. All other subnets stay private, with no route to the internet gateway of their own, and reach the public internet only through the 0.0.0.0/0 route via VNS3.