We have many VPN connections to several customers who host their services in our NSX-T 3.1 environment.
Every customer has its own T1 to avoid IP conflicts (so two different customers can have the same IP networks "at home", as those T1 environments don't have to communicate with each other).
Now we have run into a problem: one customer is running the network inside our T1 segment, which he wants to reach, "at home".
The customer addresses the NAT IP through the tunnel.
The packet is decrypted and NATed to the original IP:
See the log inside:
But unfortunately, communication is not established.
Turned to VMware Support (SR 21260137409) and they told me: "I checked the configuration that you've described and I found that there is a limitation with NAT and VPN: they cannot be done on the same tier router."
Running the VPN on the T0 is no solution, as there would be conflicts.
Has anybody experienced this problem and found a solution?
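To find this combination before a support case does, here is an added audit script (not part of the original post, and not VMware's tooling) that walks Tier-1 gateways and flags two things: a T1 that carries both NAT rules and an IPsec VPN session, which is the combination support called a limitation, and local segment prefixes that overlap the peer's networks declared in a policy-based session, which is the conflict that made the NAT necessary in the first place. The data is constructed inline in the shape of NSX-T Policy API responses so the script runs offline; the API paths in the comments and the field names (`rules`, `sources`, `destinations`, `subnet`, `translated_network`, `subnets`/`network`) are assumptions from memory and should be checked against your own NSX-T version before you point the functions at real `GET` output.

```python
"""Audit Tier-1 gateways for IPsec VPN + NAT on the same T1 and for local
segments overlapping the VPN peer's networks.

All data below is constructed sample data shaped like NSX-T Policy API
responses; it is not captured from a real environment. API paths and field
names are assumptions and must be verified against your NSX-T version.
"""
from ipaddress import ip_network

# GET /policy/api/v1/infra/tier-1s  (assumed path)
TIER1S = [{"id": "t1-customer-a"}, {"id": "t1-customer-b"}]

# GET /policy/api/v1/infra/tier-1s/<t1>/nat/USER/nat-rules  (assumed path)
# Customer A reaches 198.51.100.10 through the tunnel; DNAT maps it to the
# real server address inside the overlapping segment.
NAT_RULES = {
    "t1-customer-a": [
        {"id": "dnat-web", "action": "DNAT",
         "destination_network": "198.51.100.10",
         "translated_network": "192.168.10.10"},
    ],
    "t1-customer-b": [],
}

# GET /policy/api/v1/infra/tier-1s/<t1>/locale-services/<ls>/ipsec-vpn-services/<svc>/sessions
# (assumed path). Policy-based sessions carry "rules" with local "sources"
# and peer "destinations"; the peer's "at home" network is 192.168.10.0/24.
VPN_SESSIONS = {
    "t1-customer-a": [
        {"id": "cust-a-site", "resource_type": "PolicyBasedIPSecVpnSession",
         "rules": [{"sources": [{"subnet": "198.51.100.0/24"}],
                    "destinations": [{"subnet": "192.168.10.0/24"}]}]},
    ],
    "t1-customer-b": [],
}

# GET /policy/api/v1/infra/segments, grouped by the T1 in connectivity_path
# (assumed). Customer A's segment uses the same prefix as the peer's home.
SEGMENTS = {
    "t1-customer-a": [{"id": "seg-app", "subnets": [{"network": "192.168.10.0/24"}]}],
    "t1-customer-b": [{"id": "seg-db", "subnets": [{"network": "172.16.5.0/24"}]}],
}


def vpn_and_nat_on_same_tier1(t1_id, nat_rules, vpn_sessions):
    """True when a Tier-1 carries both NAT rules and at least one IPsec session."""
    return bool(nat_rules.get(t1_id)) and bool(vpn_sessions.get(t1_id))


def remote_networks(sessions):
    """Peer-side prefixes declared in policy-based sessions (route-based
    sessions carry no rules; their peer networks come from routing instead)."""
    nets = []
    for session in sessions:
        for rule in session.get("rules", []):
            nets.extend(ip_network(d["subnet"]) for d in rule.get("destinations", []))
    return nets


def overlapping_segments(t1_id, segments, vpn_sessions):
    """(segment id, local prefix, peer prefix) for every local/peer collision."""
    remote = remote_networks(vpn_sessions.get(t1_id, []))
    hits = []
    for seg in segments.get(t1_id, []):
        for sub in seg.get("subnets", []):
            local = ip_network(sub["network"])
            for peer in remote:
                if local.overlaps(peer):
                    hits.append((seg["id"], str(local), str(peer)))
    return hits


def audit(tier1s, nat_rules, vpn_sessions, segments):
    """Per-T1 findings: the unsupported VPN+NAT pairing and address overlaps."""
    findings = {}
    for t1 in tier1s:
        tid = t1["id"]
        findings[tid] = {
            "vpn_plus_nat": vpn_and_nat_on_same_tier1(tid, nat_rules, vpn_sessions),
            "overlaps": overlapping_segments(tid, segments, vpn_sessions),
        }
    return findings


if __name__ == "__main__":
    for tid, result in audit(TIER1S, NAT_RULES, VPN_SESSIONS, SEGMENTS).items():
        print(tid, result)
```

Against real output, replace the four constants with the parsed `results` arrays of the corresponding `GET` calls. A T1 flagged with `vpn_plus_nat` is exactly the situation the support answer describes; a non-empty `overlaps` list tells you which side would have to renumber (or be moved to its own T1) to drop the NAT rule instead.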
Had the same problem. NSX is not designed to do it this way. They call it a limitation, which is fine.
It is probably easiest to have the "at home" side change. 'Normally' at home is small 🙂 (I know, not always).
Or change the IP network on your side.