Hello FAM!

I have a topology as attached,

I have an Afrinic IP 101.101.101.0/24. 

I am using 101.101.101.10/30 on the outside interface of the FTD 2130. I use this interface to peer with remote clients/partners via ipsec vpn as well to my gcp cloud infrastructure.

onprem subnet is 10.185.0.0/16, with subset of resource in a vlan like 10.185.40.0/24. in gcp cloud subnet is 10.175.0.0/16 with a subset of resource in a vlan like 10.175.40.0/24.

while connecting to remote clients/partners under the encryption domain i dont use the private blocks rather i use natted IP from my 24 block afrinic IP. say 101.101.101.77 > 10.185.40.150 , with the design in mind of , when i need to failover client traffic to another DC, its transparent to them, i dont need them to change anything.

Now i have spanned up same service on cloud, which should run on 10.175.40.150 , i thought i just needed to amend the nat ip to 101.101.101.77 > 10.175.40.150 , and theoritically , the remote client traffic will be pushed to gcp, {assume all firewall rules allow traffic as needed}.

Practically is this theory correct? would the architecture design work?

run it as a test and realized traffic does not flow over to GCP, not forming encaps/decaps.

Might i have missed anything?

Regards,