NAT after IPSEC
I have a client that is passing only a single subnet down an IPSEC tunnel. That is working great but I need them to access a resource in a different VLAN. I would like to simply direct them to an IP inside the subnet they have setup and NAT all traffic to the IP of the resource in the other VLAN. I tried setting up a Virtual IP and a 1:1 NAT but that doesn't appear to be working.
Any suggestions at how to implement this would be greatly appreciated.
Some crude visuals:
Remote: 10.25.1.0/24 <-> IPSEC <-> Local: 10.25.2.0/24
Local IP: 10.25.2.200 1:1 NAT to 172.16.10.200 thus allowing 10.25.1.0/24 to access the server that resides at 126.96.36.199 by locally accessing 10.25.1.200.
I've got the exact same problem, only 1 subnet through the IPSEC-tunnel, and trying to use a 1:1 NAT to reach resources on a different subnet.
Anyone know if this is possible? I think the main problem that it is not working, is that the source of traffic from the 'other side' is not a subnet-interface, but the IPSEC-interface. In het NAT-rule you can't select the IPSEC-interface, so the traffic is never matched against this 1:1-rule.