I need a hand with this one. I have a Cisco 1841 router acting as the 'hub' for a handful of static VPN sessions (other companies). The physical configuration is fairly straightforward.
The 1841 has a direct connection to the outside (ARIN-allocated IPv4 address space), and an inside connection to a DMZ that I reserve for just this particular type of traffic. The VPN peers are using a mixture of devices on the other side (some Cisco, some non-Cisco) that I do not manage. Being other companies, the remotes all have their own IP addressing schemes.
My configuration works fine as-is, until a new requirement came my way recently. I need to allow transport between one remote and another, so I will have to NAT both the source and destination in both directions.
Since I have no ownership/control over the remotes in terms of design or hardware, I'm not able to use IOS IPsec VTIs, because a typical remote will not agree to an SA list of permit any/any. Therefore, I'm using regular crypto maps to support this topology.
Any advice is appreciated. Thanks!