We have many VPN connections to several customers who host their services in our NSX-T 3.1 Environment.
Every customer has its own T1 to avoid IP conflicts (so 2 different customers can have the same IP networks "at home", as those T1 environments don't have to communicate with each other).
Now we run into a problem: One customer is running the network inside our T1 segment "at home", which he wants to reach.
Solution: NAT.
Customer addresses the NAT IP through the tunnel.
The packet is decrypted and NATed to the original IP:
See in Log-Inside:
192.168.178.120->172.20.11.4-OR 192.168.124.235
But unfortunately communication is not established.
Turned to VM-Support (SR 21260137409) and they told me: "I checked about the configuration that you've described and I found that there is a limitation with the NAT and the VPN that they cannot be done on the same tier router."
To run VPN on T0 is no solution as there will be conflicts.
Has anybody experienced this problem and has a solution?
Best regards
Sascha Bremshey
NSX-T Newbee