how can I achieve it in an elegant way to nat before packets are entering the ipsecv2 vpn:
client in Site 1 internal network: a.a.a.1/24
mtk: a.a.a.10/24, a.a.a.11/24, a.a.a.12/24 (and so on mtk should use up to 70 addresses)
server in Site2 internal network b.b.b.1/24, b.b.b.2/24 .....
packets originating from client a.a.a.1 to dest a.a.a.10 should be redirected to b.b.b.1 with a source of a.a.a.10
packets originating from client a.a.a.1 to dest a.a.a.11 should be redirected to b.b.b.1with a soruce of a.a.a.11
packets originating from server b.b.b.1 to client a.a.a.1 shoud be masqueraded with one of the mtk source addresses, e.g. a.a.a.70
the cisco way it was like:
description LAN Interface1
ip address a.a.a.70.250 255.255.255.0
ip nat outside
ip nat inside source static b.b.b.1 a.a.a.10 route-map myroutemap
any idea how to get there with a RB4011?
thx in advance,