How to set VPN server with static IP without DHCP on

Allow incoming IPSec authentication

if it's not already checked, and save the change.

I read your question. You don't need a VLAN to run a VPN server. If you have some reason to run a VLAN, you haven't stated what it is.

I have public IP mapped to private IP at the gateway firewall; different IP addresses are mapped to the same or to different internal (NAT'd) IP addresses. This is based on the capabilities of the gateway firewall. Not all can remap multiple addresses.

DHCP is running on the internal network.

The VLAN is a network switch-level construct, and handy for partitioning internal traffic for various reasons including security and load. You might have a DMZ VLAN, for instance.

If the host you're terminating your VPN on is at the internal address 10.0.0.1, then it's common to use 127.0.0.1 (IP for localhost; self) to address it. There are various cases where you can't refer to the local host by its canonical IP address as a NIC inherently can't chat with itself on an Ethernet network.

FWIW and for smaller networks, I also usually prefer to terminate the VPN connections at the gateway firewall, as it avoids running the VPN through NAT. That also avoids dependencies on an internal host; you're much closer to "being" another host on the internal network.

Is this what you did:

Setup a VPN server with Mavericks Server 10.9

You need a Static IP address if you are the center of internet activity. Thinking of hosting a gaming server or a website? A Static IP is your ticket to a smooth session.

Advanced internet users will agree with me when I say that it can be hard to do anything of this mangnitude with a normal (shared) IP address. But that doesn’t mean you need to give up on your internet freedom and online security. Modern VPN services are now equipped to provide users with Static IP addresses.

If you are a new/experienced VPN user and looking for a static IP address but do not want to let go of the online freedom that a VPN provides, then you can always use one of the few leading VPN service providers who offer Static IP addresses. Here are some of the top VPN services for static ip

AmmarNaeem wrote:

You need a Static IP address if you are the center of internet activity.

Per the original posting in this thread...

jorost wrote:

My ISP gave me a static bublic IP address.

...a static IP address is available, so there's little need here to route network traffic through a third-party cloud-based VPN service.

I'm somewhat surprised that security and freedom are cited in conjunction with a cloud-based VPN service, as cloud-based VPN services are almost inherently vulnerable to a party that might choose to eavesdrop on the traffic traversing the cloud-based servers — that traffic can be in cleartext while it traverses the VPN server, too. This in addition to the obvious risks that arise when the cloud-based VPN server can identify the connection source via its IP address. (If a user really needs security or privacy, then Tor and a VPN client booted from an trusted distribution such as Tails would be a typical recommendation.)

In the case of the original posting and the question here, the user can configure VPN clients and VPN into the local network via a VPN server in the firewall (as available), or into the VPN server present in OS X Server — this using the static IP address that's available to this user.