 Re: NATing src & dst for site-to-site AND SecureClient
Thanks for your responses.
We are using Traditional VPNs, not communities. Routing all traffic through the tunnel is not an option. We are using DHCP to allocate Office Mode IP addresses in the 10.x.x.x range to our SecureClient VPN users. So in effect our NAT rule needs to be:
VPN-Pool-10.x.x.x | nat-Dest-IP | nat-Src-IP (hide) | real-Dest-IP (static)
Is this method of double NATting possible? Should it work? |