So I have 2 RB2011’s that I need to use for a support situation. Site to site ipsec, with a requirement that the remote router is not the default gateway at the remote site, it will be 10.0.1.2/24.
The VPN works great, set it up according to the setup guide, no issues whatsoever. The problem I have is that I need the ability to src-nat all tunnel traffic to the remote site. When I need to talk to the PC’s, it obviously has to show the src ip as 10.0.1.2, not my actual PC IP.
I’ve tried it probably 100 different ways, ranging from specific src nat policies to just a very simple masq policy that said anything to 10.0.1.0/24, masq on src-nat chain. Results are the same every time, I get zero packets hitting the nat statement.
My issue closely follows this one, and the only followup post suggested proxy arp. Not a workable solution here, I would much rather src-nat it. I know it has to be possible, I have done this same thing on PaloAlto, Juniper, SRX, just can’t find the magic combination here!