IOS IPSEC VPN NAT with overlapping networks

clinicare-ca
Level 1

I am trying to do an IPSEC VPN between 2 sites (Main Site and Remote Site). We need NAT due to conflicting networks.

We are doing all the NAT at the Remote site, and zero natting at the Main Site. I do need bi-directional NAT.


What I am trying to accomplish is bi-directional NAT as well as PAT working for these hosts to access the internet.

Network info:

Main Site: 1.1.1.0 /24

Remote site Actual network: 192.168.1.0 /24

Remote site NAT: 172.16.1.0 /24

So I am trying to NAT 192.168.1.0 to 172.16.1.0

This is what I have tried so far and my results:

  1. I have used a route-map to NAT the remote site from 192.168.1.0 to 172.16.1.0 only when it goes to the 1.1.1.0 /24 network.
    1. NAT works fine from Remote -> Main, and PAT works fine for 192.168.1.0 /24 hosts to the internet.
      1. I used a NAT pool with a type match-host to maintain the host octet.
    2. NAT does not work from Main Site to Remote site, unless the remote site establishes a NAT entry, which is not feasible in our environment.
  2. I have used a static nat entry using network: ip nat inside source static network 172.16.1.0 192.168.1.0 /24 extendable no-alias
    1. This works exactly as expected in terms of bi-directional NAT; I am able to ping from the main and remote sites without needing a NAT entry established, due to the fact that this is a static NAT.
    2. The problem with this one is that PAT no longer works; we have the usual PAT setup using a route-map and an overloaded NAT statement for our internet-facing interface.

I think I am going about this the right way, but any thoughts or comments would be helpful to help me solve this problem.
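As an added example (not the poster's configuration), this is what the first approach described above looks like as IOS configuration on the Remote Site router; the interface names, ACL and route-map names, and the pool range are assumed. It also shows why that approach stops at one direction: a route-map NAT backed by a pool only creates a translation when an inside host sends first, so an unsolicited packet from 1.1.1.0/24 to 172.16.1.x finds no entry and is dropped.

```cisco
! Added example, not the poster's config. Assumed: Gi0/0 = WAN (IPsec peer and
! internet), Gi0/1 = LAN 192.168.1.0/24. Main Site is 1.1.1.0/24 (from the post).

! Traffic that must be translated 1:1 into 172.16.1.0/24 before encryption
ip access-list extended VPN-NAT-ACL
 permit ip 192.168.1.0 0.0.0.255 1.1.1.0 0.0.0.255

! Everything else from the LAN is PATed to the WAN address; the deny keeps
! VPN traffic out of the overload rule
ip access-list extended INTERNET-NAT-ACL
 deny   ip 192.168.1.0 0.0.0.255 1.1.1.0 0.0.0.255
 permit ip 192.168.1.0 0.0.0.255 any

route-map VPN-NAT permit 10
 match ip address VPN-NAT-ACL

route-map INTERNET-NAT permit 10
 match ip address INTERNET-NAT-ACL

! type match-host keeps the host octet: 192.168.1.50 becomes 172.16.1.50
ip nat pool VPN-POOL 172.16.1.1 172.16.1.254 netmask 255.255.255.0 type match-host
ip nat inside source route-map VPN-NAT pool VPN-POOL
ip nat inside source route-map INTERNET-NAT interface GigabitEthernet0/0 overload

! Crypto ACL uses the translated addresses: inside-to-outside NAT runs before
! encryption on IOS, so the tunnel only ever carries 172.16.1.0/24
ip access-list extended VPN-CRYPTO-ACL
 permit ip 172.16.1.0 0.0.0.255 1.1.1.0 0.0.0.255

interface GigabitEthernet0/1
 ip nat inside
interface GigabitEthernet0/0
 ip nat outside

! Verify with "show ip nat translations": a 192.168.1.50 <-> 172.16.1.50 entry
! appears only after that inside host has sent toward 1.1.1.0/24, which is
! why Main-initiated traffic fails with this method until the entry exists
```

The static network mapping in the second approach removes that dependency because the translation exists without any inside-initiated packet, at the cost the poster describes for the overload rule.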

1 Reply

oszkari
Level 1

Could you post some configs?

Regards,
Oszkar