How to set up 1:1 NAT on Lock (Lock & Client mode)

Modified on Thu, 10 Mar 2022 at 07:50 AM

Sometimes you cannot use the Lock's default IP address range, e.g. when you need to connect to a device located in an established customer network. For a single location this is generally not a problem: you just change the Lock IP address range on the LAN side to match the customer network.

However, you may encounter the same IP address range at another customer, in which case you could only connect to one location at a time. This is not feasible when you need continuous monitoring of your systems at all your remote locations. The solution is 1:1 NAT on the Lock. (Note that NAT is a Layer 3 protocol and will not work with a Layer 2 connection.)

1:1 NAT means that the device IP addresses on the LAN side of the Lock are directly mapped to NAT IP addresses on the Key (or Central Lock) side.

Lock in Lock mode:

NAT can be set on Lock Network > LAN settings

For example, you have defined

  • Lock LAN IP as with netmask of and
  • device on that network is

Then you simply set the NAT on  and either let the Lock designate the NAT IP network address or manually define one, e.g.

From Key side, you can then access the Lock user interface with the NAT IP and the device with IP

Continue by setting the same LAN IP and netmask on the other Locks, enabling NAT and taking care that the NAT IP is from a different network for each Lock. You will end up with a setup similar to the example network above, where

  • all your Locks have the same LAN IP settings
  • all devices have the same IP address defined
  • Devices on Lock LAN communicate using this IP address range locally
  • From the Key side you can be connected to all sites simultaneously and communicate with remote locations using NAT addresses
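
The address plan described above can be checked before the Locks are configured. This is an added example, not Tosibox code: it assumes the mapping keeps the host part of each address (the usual meaning of 1:1 NAT), and the Lock names and all IP ranges in it are constructed sample values.

```python
import ipaddress
from itertools import combinations

# Constructed sample plan: every site reuses the same LAN range,
# each Lock gets its own NAT network of the same size.
PLAN = {
    "lock-site-a": ("192.168.5.0/24", "10.200.1.0/24"),
    "lock-site-b": ("192.168.5.0/24", "10.200.2.0/24"),
    "lock-site-c": ("192.168.5.0/24", "10.200.3.0/24"),
}

def to_nat(device_ip, lan_net, nat_net):
    """Translate a LAN-side device address to the address seen from the Key side."""
    lan = ipaddress.ip_network(lan_net)
    nat = ipaddress.ip_network(nat_net)
    ip = ipaddress.ip_address(device_ip)
    if lan.prefixlen != nat.prefixlen:
        raise ValueError("1:1 NAT needs LAN and NAT networks of equal size")
    if ip not in lan:
        raise ValueError(f"{ip} is not inside {lan}")
    # Keep the host offset, swap the network part.
    offset = int(ip) - int(lan.network_address)
    return str(nat.network_address + offset)

def check_plan(plan):
    """Return a list of problems found in a {lock: (lan_net, nat_net)} plan."""
    nets = {name: (ipaddress.ip_network(lan), ipaddress.ip_network(nat))
            for name, (lan, nat) in plan.items()}
    problems = []
    for name, (lan, nat) in nets.items():
        if lan.prefixlen != nat.prefixlen:
            problems.append(f"{name}: NAT network size differs from LAN size")
    # The NAT network must be different for every Lock, otherwise two sites
    # would answer on the same addresses from the Key side.
    for (a, (_, nat_a)), (b, (_, nat_b)) in combinations(nets.items(), 2):
        if nat_a.overlaps(nat_b):
            problems.append(f"{a} / {b}: NAT networks {nat_a} and {nat_b} overlap")
    return problems

if __name__ == "__main__":
    for issue in check_plan(PLAN):
        print("PROBLEM:", issue)
    # The same device address at each site, as reached from the Key side.
    for lock, (lan, nat) in PLAN.items():
        print(lock, "192.168.5.20 ->", to_nat("192.168.5.20", lan, nat))
```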

Lock in Client mode:

NAT can be set on Lock Network > LAN settings

  • no physical WAN connection
  • only physical LAN1-3 connection
  • DHCP on LAN1-3 won't work in client mode (only static address mode)
  • assign static IP address + subnet
  • assign gateway IP address (important)
  • assign DNS server
  • configure 1:1 NAT