02-09-2024 11:08 AM
Hi All,
I have a network setup where I need to redirect a specific IP range to another.
A brief overview of the network: I have a router that connects via VPN to the company network. Now I have a local network with address 192.168.0.x that I need to route through the VPN; however, when I do so, it causes a conflict, as we already have 192.168.0.x assigned to other devices on the company network. So I basically need to connect this local device to the router on port 3, for example, and inside the router I want to map this IP address to 172.172.160.x so that it doesn't cause a conflict when it connects to the wider company network over VPN.
02-09-2024 03:32 PM
Hello @ahmedroshdy77,
What you have to configure is Network Address Translation (NAT). The local addresses 192.168.0.x will have to be translated to 172.172.160.x when they need to communicate with remote 192.168.0.x.
The NAT configuration will depend on how your VPN configuration is implemented. Can you share VPN config details?
02-10-2024 04:50 AM
Thank you @liviu.gheorghe.
Unfortunately I don't have the VPN configuration on hand right now, but generally we are using OpenVPN with certificate assignment.
The basic router setup is a WAN cable connected to port 4 (DHCP) and local devices 192.168.0.x/24 connected to port 3.
The router is configured to route all traffic from 192.168.0.x/24 through the VPN to the remote server. But before doing that, I need to internally translate 192.168.0.x to 172.172.160.x so it doesn't cause a conflict when it reaches the remote server.
NAT seems to be the best option, as you mentioned. One question though: shall I configure Source NAT or Destination NAT?
02-10-2024 10:37 AM
The reason I was asking about the VPN configuration was to determine if the routers are Cisco and the VPN is configured using GRE tunnels.
This is one way of solving your problem: all the traffic that needs to go to the other side, determined by routing protocols, goes through a GRE tunnel and this traffic is encrypted.
Using a GRE tunnel is also easy for the configuration of source NAT: the LAN interface is "inside" and the tunnel interface is "outside".
You also need to define a pool of addresses into which you will translate the IPs from inside, and also define an access-list that will match the IPs from inside.
It all comes together with the command ip nat inside source list <access-list name or number> pool <ip pool name>
Hope this helps.
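
The source NAT steps described in this reply, written out as an added Cisco IOS configuration sketch that is not part of the original post. The interface names (GigabitEthernet0/3 for the LAN on port 3, Tunnel0 for the GRE tunnel), the ACL name LAN-TO-VPN and the pool name VPN-POOL are assumptions, and the tunnel itself is assumed to be configured already.

```cisco
! Constructed example: interface, ACL and pool names are assumptions.
!
! LAN side (router port 3 in the thread) is the NAT "inside".
interface GigabitEthernet0/3
 ip nat inside
!
! The tunnel towards the company network is the NAT "outside".
! Tunnel source/destination and addressing are assumed to exist already.
interface Tunnel0
 ip nat outside
!
! Match only the overlapping local range, so nothing else is translated.
ip access-list standard LAN-TO-VPN
 permit 192.168.0.0 0.0.0.255
!
! Addresses the local hosts will appear as on the company side.
ip nat pool VPN-POOL 172.172.160.1 172.172.160.254 netmask 255.255.255.0
!
! Tie ACL and pool together: translate the source address of matching
! traffic that enters an inside interface and leaves an outside one.
ip nat inside source list LAN-TO-VPN pool VPN-POOL
!
! A dynamic pool creates translations only for sessions started from
! the LAN, and a host may get a different 172.172.160.x each time.
! If the company side must reach the local devices on fixed addresses,
! a one-to-one network mapping can be used instead of the pool:
!   ip nat inside source static network 192.168.0.0 172.172.160.0 /24
!
! Verify after sending traffic from a LAN host:
!   show ip nat translations
!   show ip nat statistics
```

The remote side needs a route for 172.172.160.0/24 pointing back through the tunnel, otherwise return traffic never reaches the translating router.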
02-09-2024 11:38 PM
Does your router support ip nat enable?
MHM
02-10-2024 04:51 AM
Yes, it supports NAT.
02-10-2024 04:56 AM - edited 02-10-2024 04:57 AM
If I understand your requirement correctly, you need to NAT the IP before it is forwarded via the tunnel.
This needs an LO; under this LO interface we configure ip nat outside.
Then we configure ip nat inside on the interface the traffic comes from, and PBR so that the traffic is forwarded to the LO if the destination is the remote LAN (via VPN).
This makes the traffic go to the LO, get NATed, and then be forwarded via the VPN.
MHM