I am struggling with this setup. The goal is easy: I have a remote site connected by VPN to the main office. The VPN router of the remote site is sitting behind the provider modem/router on the inside, on a private subnet 10.10.10.0/24, so the IPsec gets NATted. Host x can connect to each host y on the private part of the network. No problem so far.
But now, I want to simply connect to the provider modem/router from the main office.
Attached you will find a topology drawing explaining the goal.
The 10.10.10.0/24 range is NOT part of corporate routing or encryption domain.
I want to translate host x to 10.10.10.3/24 when it connects to the modem.
But since 10.10.10.x/24 is not known in the main office, I also need to create a "dummy" destination for 10.10.10.1. For that I created a new loopback on the router: 10.8.8.0/30, which is part of the encryption and routing domain of the enterprise. The router is 10.8.8.1. The goal is that 10.8.8.2 represents the modem destination (10.10.10.1).
I tried with the following rules:
ip nat inside source static <host x> 10.10.10.3
ip nat outside source static 10.1.10.1 10.8.8.2
But that doesn't work. Any ideas?