Destination NAT for Route base VPN

Showing results for 
Show  only  | Search instead for 
Did you mean: 
Please sign in to see details of an important advisory in our Customer Advisories area.

Destination NAT for Route base VPN

L0 Member

We have an requirement to set up a route base VPN, but remote proxy IP subnet clash with an existing remote subnet.


We are planning to use destination NAT, but not sure, how the routing will be controlled.


Please help to solve this problem.


Cyber Elite
Cyber Elite

will the remote end participate in fixing the overlap? you could SNAT  to a fictitious subnet on the tunnel and have the remote do DNAT for the incoming packets

your end would be connecting TO fictitious IPs and be source NATed inside that same fictitious subnet (you can attch it to the tunnel interface for ease of use)

the remote would be receiving connections to/from a fictitious subnet they'd need to destination nat to the appropriate servers


else you'll want to look into policy based forwarding as regular routing is applied after NAT and DNAT will be an issue in this case

Tom Piens
PANgurus - Strata specialist; config reviews, policy optimization
  • 1 replies
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!