![watchguard mobile vpn with ipsec setup watchguard mobile vpn with ipsec setup](https://slideplayer.com/slide/234010/1/images/5/Mobile+VPN+with+IPSec+--+Shrew+Soft+VPN+Client.jpg)
If NAT loopback is configured with 1-to-1 NAT, the client must use the VPN to route traffic to the NAT base IP address.If NAT loopback is configured as a static NAT action, the client must use the VPN to route traffic to the IP address used in the static NAT action.
![watchguard mobile vpn with ipsec setup watchguard mobile vpn with ipsec setup](https://watchguardtech.files.wordpress.com/2013/08/vpn.png)
The client must use the VPN to route traffic to the server IP address.To allow Mobile VPN users use NAT loopback, the mobile user and VPN policies that allow traffic from VPN clients must meet these requirements. Mobile VPN with IPSec - You must use 1-to-1 NAT to enable NAT loopback for traffic from the Mobile VPN clients because Mobile VPN with IPSec policies do not support static NAT actions.Mobile VPN with IKEv2, L2TP, and SSL - You can use static NAT or with 1-to-1 NAT to configure NAT loopback from the Mobile VPN clients.You can configure NAT loopback with static NAT or with 1-to-1 NAT. If Mobile VPN users connect to your trusted or optional networks, and route Internet traffic through the VPN tunnel, you can configure NAT loopback for the traffic from the Mobile VPN clients. NAT loopback enables a user on the trusted or optional networks to connect to a public server with the public IP address or domain name of the server, if the server is on the same physical Firebox interface.