IPSec VPN with overlapping networks

Showing results for 
Search instead for 
Did you mean: 

IPSec VPN with overlapping networks

L2 Linker

To begin with I know the document Configuring IPSec VPN between overlapping networks.

Due to my lack of experience still I am not able to understand how I should create the NAT rules.

My objective is to configure the IPSec tunnel only on "my" side - one that will be accessed and should allow access to some servers in the network. 


Below I put some aqnonymised configuration info: 

  IKE Gateway




IKEv1 only mode

Address type


Local IP Address


Peer IP Address


Exchange mode


IPSec Tunnel Proxy IDs



Local (NAT 1:1 – original subnet )



The overlapping network addresses are

I have to create a NAT rule to show them to the accessing partner as network.


I would be grateful if someone could tell me how to create this NAT rule with static translation.


Thank You a LOT! 🙂


Accepted Solutions

L2 Linker

Below is the configuration that finally worked.


Static Route







Security rules


View solution in original post


L5 Sessionator

Let's say partners want to access server at Chose an IP you will use for NAT, let's say it's (though any from that network would do).

All you need is a static destination NAT: source, destination, Destination Address Translation (with apropriate zones).


And also you will need a firewall rule to allow access with pre-NAT IP address and post-NAT destination zone.



I would like a rule that will translate any address in into a coresponding address in (>,> etc).

Can it bo done?

@Filip_Fronczak wrote:

I would like a rule that will translate any address in into a coresponding address in (>,> etc).

Can it bo done?

Yes, this is possible.

  • Destination address object:
  • Destination translation address object:

Is this enough or should there be something more?

Do I need on my side a NAT rule to translate the source too or a rule in the other direction?

Sorry for asking basic questions...


to [ LAN_Servers ]; from [ IPSec_xxx ]; source [ any ]; destination [ ]; service any; disabled no; destination-translation

Ignore my last post ... 

The NAT rule shoild look like this

  • Original source:
  • Original destination:
  • Type: Static IP
  • Translated source:
  • Translated destination: none

And what about the other way?

Traffic from the oher side that wants to arrive to servers in our network -

Check the bi-directional checkbox

So, it's this, right?


to [ IPSec_xxx ]; from [ LAN_Servers ]; source [ ]; destination [ ]; source-translation
bi-directional yes; translated-address;

Yes, looks correct.

Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!