Configuration examples

NAT configuration example

Let’s consider the case described in the following figure, where a Turbo IPsec interconnects two IPv4 sites with an IPv4 WAN. On the first LAN, there are two machines (Host 1 and Host 2). An FTP server (Host 3) is located on the second LAN.

Below, we are going to describe the connections between these three machines and a host on the WAN:

Connection 1
The session is open from Host 1 to Host 4. It is the typical case with dynamic NAT.
Connection 2
The session is open from Host 4 to Host 2. The destination address of packets from Host 4 is Turbo IPsec is configured to redirect the traffic to Host 2. In this case, a static association is defined.
Connection 3
Host 4 opens an FTP session on Host 3. A static address translation rule specifying the protocol and port number is defined on Turbo IPsec.

Three connection examples with NAT

The corresponding Turbo IPsec configuration will be:

Configure IP addresses and default route.

router{conf:myconfig-rtg}route default-ipv4

Enable NAT and define the public NAT interface. Host 1 will be seen on the internet with the address

router{conf:myconfig-nat}public interface eth2_0
router{conf:myconfig-nat-eth2_0}nat enable


Selecting a public interface and enabling NAT on it is enough to configure NAT in dynamic mode. At this point, connection 1 will be successful.

Create a static association for connection 2: a bidirectional connection for IPv4 hosts that need to reach Host 2. Host 4 may open a session to Host 2 if the packet’s destination address is The packets will be automatically forwarded to Host 2 (

router{conf:myconfig-nat-eth2_0}static 100 public private

Create a static address translation rule for TCP protocol on port 21 for connection 3. The FTP packets sent to the public address, will be automatically forwarded to Host 3 (

router{conf:myconfig-nat_eth2_0}static 110 protocol tcp public private