Setup:
ClientA--NetA--VPN3030 ....@.... FW-1NG--NetB--Server
Desc:
ClientA on NetA (10.0.0.0/8) needs access to NetB Server (Host=172.16.0.1)
via a LAN-to-LAN tunnel set up between a Cisco VPN3030 and a Checkpoint FW-1 NG.
Problem:
The NetB Server (Host=172.16.0.1) subnet is also routed elsewhere on NetA.
Also, the NetA subnet is routed locally on NetB.
I need "one-sided" NAT.
Here is what I have done:
- Reserved an IP from local pool in VPN3030 IP=192.168.100.100
- Create L2L with Peer for FW-1, PSK, Local network=192.168.100.100/32 Remote=172.16.0.1/32
- Create L2L-NAT rule and enabled it: Source=10.0.0.0/8:Trans=192.168.100.100/32 Remote=172.16.0.1/32
- Add Static route towards public interface for 192.168.100.100/32
This does not work. My guess is that the NAT rule is wrong, or that the terms source:trans - Remote mean something different
than I imagine.
Is it true that the above NAT rule means that 10 gets its source translated into 192.168?
And how must I interpret the Remote?
What I want to do is to have ClientA on NetA (10.0.0.0/8) access the IP=192.168.100.100/32 and have this translated
into 172.16.0.1/32, and then put this into the tunnel towards FW1-NG.
How can this be done in the VPN3030?
Please comment ...
Regards
Martin Bilgrav