@derelict said in IPSec local network subnet size and NAT size error:
@mamawe As far as I know that type of NAT has never been valid on an IPsec tunnel. You can do 1:1 or Many:1 but not Many:Some_Other_Size_Many.
Maybe it wasn't clear from my answer.
I used Many:1-NAT and 1 address for our side of the VPN traffic selector.
The last two sentences referred to the peer VPN gateway.
Some implementations allow negotiating a smaller traffic selector in phase 2 than was configured (1 address instead of a subnet). With these you don't have to change anything at the peer VPN gateway.
If the peer VPN gateway insists on using the correct traffic selector, you have to have the peer VPN configuration changed.
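
The two peer behaviours described in this post, modelled as an added example that is not part of the original post: a peer that accepts a smaller phase 2 traffic selector than it has configured, and a peer that insists on an exact match. The function names, the `allow_narrowing` switch and all addresses are constructed for illustration and do not correspond to any product's settings.

```python
import ipaddress


def agree_selector(proposed, configured, allow_narrowing):
    """Return the network a responder would agree to, or None if it rejects."""
    p = ipaddress.ip_network(proposed)
    c = ipaddress.ip_network(configured)
    if p == c:
        return c                      # exact match always agrees
    if not allow_narrowing or p.version != c.version:
        return None                   # strict peer: anything else is a mismatch
    if p.subnet_of(c):
        return p                      # proposal is smaller than the peer's config
    if c.subnet_of(p):
        return c                      # proposal is larger: narrowed to the config
    return None                       # no overlap at all


def agree_phase2(proposal, peer_config, allow_narrowing):
    """Both sides of the selector pair must be agreed, otherwise phase 2 fails."""
    agreed = {}
    for side in ("initiator_side", "responder_side"):
        net = agree_selector(proposal[side], peer_config[side], allow_narrowing)
        if net is None:
            return None
        agreed[side] = str(net)
    return agreed


# Constructed sample: our side hides its LAN behind one NAT address (Many:1),
# while the peer still has a whole subnet configured for our side.
OUR_PROPOSAL = {"initiator_side": "198.51.100.10/32", "responder_side": "10.20.0.0/16"}
PEER_CONFIG = {"initiator_side": "198.51.100.0/24", "responder_side": "10.20.0.0/16"}
PEER_CONFIG_CHANGED = dict(PEER_CONFIG, initiator_side="198.51.100.10/32")

if __name__ == "__main__":
    print("narrowing peer:", agree_phase2(OUR_PROPOSAL, PEER_CONFIG, True))
    print("strict peer:", agree_phase2(OUR_PROPOSAL, PEER_CONFIG, False))
    print("strict peer, config changed:",
          agree_phase2(OUR_PROPOSAL, PEER_CONFIG_CHANGED, False))
```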