# Accessing a Private Network

This tutorial will describe securing access to a private network using a Pritunl server. The diagram below shows the network topology for this tutorial.

![](https://1783284711-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FhDA4eusSNQcv5QfappvI%2Fuploads%2FvRaoFy26l5tCjnzzTiDJ%2Faccessing_a_private_network.png?alt=media\&token=b405a5ca-a139-4c3a-b338-e581a9e5fc57)

First remove the `0.0.0.0/0` route from the server. This route tunnels all internet traffic over the VPN; in this setup only the traffic for the private network will be tunneled.

![](https://1783284711-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FhDA4eusSNQcv5QfappvI%2Fuploads%2Fs3kS9ikoRMMliS9D6iqK%2Fprivate_net0.png?alt=media\&token=f12fc928-832e-4059-a690-6cbf32871058)

After this route is removed, add a route for the private network with the network address of `10.50.0.0/24`.

![](https://1783284711-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FhDA4eusSNQcv5QfappvI%2Fuploads%2FJTTeIwmQLA6805C8L8A4%2Fprivate_net1.png?alt=media\&token=5a1cb653-86d1-4972-86dd-57fd2b28a6d8)

Once the route has been added there should be only two routes on the server: one for the VPN virtual network and one for the private network.

![](https://1783284711-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FhDA4eusSNQcv5QfappvI%2Fuploads%2FpVnyjNKdaQDdVcIUMFN4%2Fprivate_net2.png?alt=media\&token=fc9998a0-e84f-4381-817a-429561ec48c0)

The server can now be started, and connected VPN clients will have access to the `10.50.0.0/24` private network.

### Private Network Access Without NAT (Optional)

By default Pritunl will NAT VPN traffic going to private networks. This eliminates the need to create static routes on the router. If NAT is not wanted, it can be disabled by modifying the route and unchecking *NAT Route*. On AWS, static routes are best managed using [**AWS Route Advertisement**](https://docs.pritunl.com/kb/vpn/tutorials/aws-route-advertisement).

![](https://1783284711-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FhDA4eusSNQcv5QfappvI%2Fuploads%2FApb45axPzl7XLBYy0p9A%2Fprivate_net3.png?alt=media\&token=c41138f8-cb75-4c94-a336-59d17975ede3)

Once NAT has been disabled, a static route must be created on the router. The steps differ depending on which router is used. The image below shows adding a static route on a Ubiquiti EdgeRouter. The destination network for the route is the virtual network from the server settings, and the next hop address is the local IP address of the Pritunl server.

![](https://1783284711-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FhDA4eusSNQcv5QfappvI%2Fuploads%2FJvPwWAMgBpKASLUJQs90%2Fprivate_net4.png?alt=media\&token=93982487-8bdc-4c92-808d-0fa9e6f3c894)

It may also be necessary to modify the firewall of the router to allow traffic from the VPN network. Once complete, VPN clients will have access to the private network without NAT.
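The return path this section describes, as an added example that is not part of the Pritunl documentation: a small Python model of the router's longest-prefix lookup, showing where a private host's reply to a VPN client goes with NAT, without NAT, and without NAT once the static route exists. Only `10.50.0.0/24` comes from the tutorial; the virtual network `192.168.220.0/24`, the server address `10.50.0.10`, the client address and the `wan`/`lan` labels are assumptions.

```python
import ipaddress

PRIVATE_NET = "10.50.0.0/24"       # private network from the tutorial
VIRTUAL_NET = "192.168.220.0/24"   # assumed VPN virtual network (constructed)
PRITUNL_LAN_IP = "10.50.0.10"      # assumed local IP of the Pritunl server
CLIENT_VPN_IP = "192.168.220.5"    # assumed address handed to a VPN client


def lookup(routes, dst):
    """Longest-prefix match over (network, next_hop) pairs."""
    addr = ipaddress.ip_address(dst)
    hits = [(ipaddress.ip_network(net), hop) for net, hop in routes
            if addr in ipaddress.ip_network(net)]
    return max(hits, key=lambda h: h[0].prefixlen)[1] if hits else None


def reply_next_hop(router_routes, nat):
    """Next hop for a private host's reply to traffic from a VPN client."""
    # With NAT the host sees the Pritunl server's LAN address as the source;
    # without NAT it sees the client's address on the virtual network.
    reply_dst = PRITUNL_LAN_IP if nat else CLIENT_VPN_IP
    if ipaddress.ip_address(reply_dst) in ipaddress.ip_network(PRIVATE_NET):
        return "on-link:" + reply_dst       # delivered directly on the LAN
    # Off-link destination: the host hands the reply to its gateway (the router).
    return lookup(router_routes, reply_dst)


# Router tables (constructed): before and after adding the static route.
ROUTER_DEFAULT = [("0.0.0.0/0", "wan"), (PRIVATE_NET, "lan")]
ROUTER_WITH_STATIC = ROUTER_DEFAULT + [(VIRTUAL_NET, PRITUNL_LAN_IP)]

if __name__ == "__main__":
    print("NAT on:              ", reply_next_hop(ROUTER_DEFAULT, nat=True))
    print("NAT off, no route:   ", reply_next_hop(ROUTER_DEFAULT, nat=False))
    print("NAT off, static route:", reply_next_hop(ROUTER_WITH_STATIC, nat=False))
```

In the middle case the reply follows the default route out the WAN interface and never reaches the client, which is the symptom to look for when NAT is unchecked but the static route is missing.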

### Amazon Web Services Routing

When NAT is not used on AWS the source/dest check must be disabled for the network interface attached to the Pritunl EC2 instance.

