Natting internal to be translated by internal over VPN

Hi guys, 

I'm just trying to pick some brains here to see how possible it is for me to achieve this. So here's the scenario: from the attached picture, there's already an existing IPsec VPN with the prefixes in blue; it works great, no issues at all. Now there's an addition of a new prefix block to the network, and there's a need to have this new prefix block go over the VPN tunnel to the ASP to access resources that are in the 192.168.200.0/23 subnet. The downside to this is that the ASP said they wouldn't add the new prefix block (172.25.4.0/22) to the interesting traffic ACL.

I know that I could use NAT to achieve this, whereby natting the new block to the existing prefix that has access to the ASP. But I can't seem to wrap my head around how to get this done. Why I say this is because the 172.25.4.0/22 block is configured as SVIs on the multilayer switch. More like natting from inside to be translated by another inside IP address. But my fear is that doing this should not affect other pre-existing traffic. I really would appreciate gestures on how I could conquer this situation.

Thanks a lot guys. 

 

 
