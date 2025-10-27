Each subnet (directly-attached or routed) must have a unique address space within your WAN Tunnels. You can re-use address spaces locally by enabling static network address translation (NAT) for a subnet. NAT is static. This means that inbound connections - from WAN Tunnels to the site behind the Appliance - are allowed, and connections do not have to be initiated by hosts behind the Appliance. NAT is also 1:1, that is, the Appliance will translate between corresponding addresses in two equal-sized prefixes.

To enable NAT, supply a WAN-facing address prefix the same size as the subnet's prefix, and the Appliance will translate between the two.

For example:

Prefix : 192.168.100.0/24

: Static NAT prefix: 10.10.100.0/24

With the example above, outbound traffic from host 192.168.100.13 in the subnet is translated to 10.10.100.13 in the Appliance (and vice versa for incoming traffic).

Note Even if NAT is enabled, the local prefix for a subnet must be unique within its LAN. It can, however, be reused on other LANs or other sites. Overlay-facing prefixes - that is, a subnet's NAT prefix if NAT is enabled, and its local prefix otherwise - must always be unique across your whole WAN Tunnels.

Create NATs for subnets

