Addressing - Netmapping vs. Direct - icom Connectivity Suite - VPN

  • Updated on Nov 7, 2024
  • Published on Nov 6, 2024

Addressing via Netmapping

Using netmapping allows that devices in the local network behind an INSYS router do not have to be reconfigured. A virtual network address will be assigned to the local network with this. Devices in the local network can then be addressed with the virtual address via the icom Connectivity Suite – VPN. The router replaces the network portion of the virtual IP address with the network portion of the local network and forwards the packet to the destination.

The two INSYS routers in the following example are configured such that the devices are accessible in the local network via netmapping, although the addresses remain unchanged in the local network. They don’t have to be reconfigured, although they have the same local network addresses.

Netmapping in INSYS routers with icom OS

If the router is configured by the icom Connectivity Suite – VPN, netmapping will be set up automatically. Appropriate NAT rules will be configured for this. Below NAT rules can be configured manually in the Netfilter menu on the NAT page. Further instructions for this are available in the inline and online help of the router.

The following NAT rules will be configured in the upper router in above example:

Source NAT rule:

  • Type: netmap

  • Protocol: all

  • Output interface: openvpn1 – icom Connectivity Suite – VPN

  • Source IP address: 192.168.1.0/24

  • Source NAT to address: 172.16.10.0

Destination NAT rule:

  • Type: netmap

  • Protocol: all

  • Input interface: openvpn1 – icom Connectivity Suite – VPN

  • Source IP address: 172.16.10.0/24

  • Source NAT to address: 192.168.1.0

The DNAT rule effects that packets in the VPN service that are addressed to addresses in the network 172.16.10.0/24 will be forwarded to the respective addresses in the local network 192.168.1.0/24. The SNAT rule effects that packets from devices in the local network 192.168.1.0/24 that are addressed to the VPN network will be provided with a destination IP address in the network 172.16.10.0/24.

This makes the devices in the local network (192.168.1.0/24) also accessible via the virtual network address (172.16.10.0/24) and they don't have to be reconfigured. Thus, the camera with the local network address 192.168.1.3 can be accessed externally via the address 172.16.10.3.

Netmapping in INSYS routers with ICOM OS

If the router is configured by the icom Connectivity Suite – VPN, netmapping will be set up automatically. Netmapping can be configured manually in the "Basic Settings" menu on the "IP address (LAN)" page of the INSYS router. Refer to the router manual for further information about this.

In above example, netmapping will be enabled in the lower router and the virtual network address 172.16.11.0 will be configured in the local network.

This makes the devices in the local network (192.168.1.0/24) also accessible via the virtual network address (172.16.11.0/24 below) and they don't have to be reconfigured. Thus, the camera with the local network address 192.168.1.3 can be accessed externally via the address 172.16.11.3.

Direct Addressing

With direct addressing, the devices in the local network will be addresses directly with their address via the icom Connectivity Suite – VPN.

This is shown in contrast to netmapping in the following example.