If the remote end is say 188.8.131.52 but I need to nat that to 184.108.40.206 and use that to connect to, then it gets encrypted, then
1) I need to nat 220.127.116.11 to 18.104.22.168
2) I need to define the interesting VPN traffic destination as 22.214.171.124
3) as I have general NAT in place, and the VPN endpoint is out the outside interface, I need to make sure that I do not nat it again, before it leaves the interface for encryption so "access-list no-nat permit x.x.x.x x.x.x.x host 126.96.36.199"
4) 188.8.131.52 as a desitnation must no
Rememer the flow is NAT>Route>Encrypt. Use your favorite search engine and look for "identity nat" and "double nat"
Table of ContentsIntroductionVersion HistoryPossible Future
UpdatesDocuments PurposeNAT Operation in ASA 8.3+ SectionsRule Types
Network Object NATTwice NAT / Manual NATRule Types used per SectionNAT
Types used with Twice NAT / Manual NAT and Network Obje...
Table of Contents Introduction:This document describes details on how
NAT-T works. Background: ESP encrypts all critical information,
encapsulating the entire inner TCP/UDP datagram within an ESP header.
ESP is an IP protocol in the same sense that TCP an...