NAT from Site2Site to virtual subnet

Showing results for 
Show  only  | Search instead for 
Did you mean: 

NAT from Site2Site to virtual subnet

L0 Member

i have a problem with an Site2Site VPN connection.


i need an option to get access from external to my internal network but we have the same subnet


so i need access to but from the outside (Tunnel) i will use the ip


how i have to configure this?

i hope somebody has an idea for this




L4 Transporter

The easiest option might be to use NAT policies on your tunnel. A dynamic IP pool would let you dest NAT to However, if the source subnet on the remote side is in conflict, a src NAT policy might need applied on that end as well.

can you give me a little more detailed information how to configure this.



Assuming this diagram matches what you are trying to do, you'll want to apply a source NAT policy for the tunnel traffic on the remote firewall, so that their traffic appears to come from a network other than If the servers on the local network don't need to know the individual client IP of the source traffic, a single address can be used for a many-to-1 source NAT policy policy. Otherwise, if the ability to discern individual source IPs is needed, several 1-to-1 source NATs will be needed (Palo Alto can do this as a pool). In this example I've used (many-to-1) and (1-to-1) for the Remote Site source NAT addressing.

On the Local Firewall, you'll want to use a 1-to-1 destination NAT policy where the pool of addresses translate to You can find the details on how to configure these policies here:



  • 3 replies
  • 101 Subscriptions
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!