Forum Discussion
HW_36020
Dec 14, 2011
Nimbostratus
George
I have done something similar with an IPSec tunnel on my new v11 LTM that terminates the IPSec VPN, and I have another LTM behind it that NATs the traffic before it enters the tunnel. The way I have done this is by creating a VS on my downstream LTM that listens for the traffic on x.x.x.x:any with a custom SNAT pool. The custom SNAT pool (ISP1_outbound) only contains the NAT address y.y.y.y for egress to the IPSec tunnel on my upstream LTM. This forces the traffic to be NAT'ed before it hits the upstream LTM and enters the tunnel, so that the tunnel knows it is to be sent to the opposite peer gateway using ESP.
Hope this helps.