I have a problem whereby I would like to configure DUAL NAT across an IPSEC VPN i.e. I have overlapping address space between the two VPN endpoints.
10/8 -- SRX ------INTERNET ------- Cisco IOS------ 10/8
<----------- IPSEC VPN --------->
^
|
Dual NAT (Static)
The problem I have is that if I configure a policy VPN the policy will not reflect the proxy-ids of the remote side. i.e. the policy will include the pre-NAT source address and the post NAT destination address. Whereas the remote side (IOS) proxy-id will have the two post natted addresses.
If I manually define the proxy-ids as the two pre-natted addresses so as to match the IOS VPN. The SRX sends any any proxy-ids.
Has anyone got any hints that may help out in this case.
Thanks very much
Tom