ScreenOS Firewalls (NOT SRX)

SSG20 Assistance with VPN Tunnel

‎08-21-2018 09:52 AM

We have been asked to create a VPN tunnel between a vendor and a site of ours. The vendor is claiming our internal address is already taken by another client. For argument's sake, we will say it is\24. They are requesting we present\24 to the tunnel as our address and let our firewall translate it to the correct local IP address.


I have never done this before and I am not sure where to begin or even the proper terminology to Google a solution.


I am only familiar with the ScreenOS and not console into the device.  Any assistance in direction would be appreciated.


Re: SSG20 Assistance with VPN Tunnel

‎08-21-2018 11:38 AM

I hope at least Vendor's subnet can be used at your side and not taken by anyone else.

1: If you use then vendor PC will initiate traffic to 10. series IP, it will be pushed through the tunnel.

2: Once it's decrypted at your end, a subnet NAT can be used to map to your actual subnet.

E.g. : host and subnet mip for reference

Note: the VPN will be between the customer side subnet and the 10 series subnet, so the proxy ID etc. should be set accordingly. And then the MIP triggers for the clear text traffic.
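The subnet mapping described in the reply above, modelled as an added example that is not part of the original thread and is not ScreenOS code. All subnets are constructed sample values (the thread's real addresses are not shown), and `mip_translate` and `check_plan` are hypothetical helper names.

```python
import ipaddress

# Constructed sample plan; none of these subnets come from the thread.
REAL_LOCAL = "192.168.1.0/24"      # what the site really uses
PRESENTED = "10.50.1.0/24"         # what the vendor sees through the tunnel
VENDOR_REMOTE = "172.16.20.0/24"   # vendor side of the tunnel
VENDOR_TAKEN = ["192.168.1.0/24"]  # ranges the vendor says other clients use

def mip_translate(addr, presented=PRESENTED, real=REAL_LOCAL):
    """1:1 subnet mapping: swap the network part, keep the host bits."""
    pres, loc = ipaddress.ip_network(presented), ipaddress.ip_network(real)
    if pres.prefixlen != loc.prefixlen:
        raise ValueError("a 1:1 subnet mapping needs equal prefix lengths")
    ip = ipaddress.ip_address(addr)
    if ip in pres:       # inbound: decrypted packet, destination rewritten
        src, dst = pres, loc
    elif ip in loc:      # outbound: local host's source address rewritten
        src, dst = loc, pres
    else:
        raise ValueError(f"{ip} is in neither subnet, so the mapping does not apply")
    return str(dst.network_address + (int(ip) - int(src.network_address)))

def check_plan(real, presented, vendor, taken):
    """Return the addressing problems that would break the NAT-over-VPN plan."""
    loc, pres, rem = (ipaddress.ip_network(n) for n in (real, presented, vendor))
    problems = []
    if pres.prefixlen != loc.prefixlen:
        problems.append("presented and real subnets differ in size")
    if pres.overlaps(loc):
        problems.append("presented subnet overlaps the real local subnet")
    if pres.overlaps(rem):
        problems.append("presented subnet overlaps the vendor subnet")
    if loc.overlaps(rem):
        problems.append("vendor subnet is already in use locally")
    for t in taken:
        if pres.overlaps(ipaddress.ip_network(t)):
            problems.append(f"presented subnet collides with {t} at the vendor")
    return problems

if __name__ == "__main__":
    print("plan problems:", check_plan(REAL_LOCAL, PRESENTED, VENDOR_REMOTE, VENDOR_TAKEN))
    # The proxy ID pair uses the presented subnet, never the real one.
    print("proxy ID local/remote:", PRESENTED, VENDOR_REMOTE)
    print("vendor targets 10.50.1.37 ->", mip_translate("10.50.1.37"))
    print("reply from 192.168.1.37 leaves as", mip_translate("192.168.1.37"))
```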


Re: SSG20 Assistance with VPN Tunnel

‎08-21-2018 10:25 PM



Basically, you are looking at an issue with overlapping subnets between 2 sites.

Pretty simple to work around on a ScreenOS device.


This article will be of help:


Please review it and update this thread with any query you might have.