IPSEC VPN with multiple ISP and NAT
I am trying to figure out how to configure a IPSEC vpn with NAT for multiple ISP's. Right now I understand how to do it with just one by created the IP Pool, Virtual IP and using those in the firewall rules but the issue is I need to do this with a VPN tunnel that has NAT.
- Internal: 192.168.0.0/22
- Internal NAT: 10.220.28.0/22
I understand the basics:
- Create VPN Tunnel (In this case VPN_1 and VPN_2)
- Create Virtual IP that is bound to the VPN tunnel (VPN_1) using External Range 10.220.28.0/22 and Mapped range to 192.168.0.0/22
- Created IP Pool (Name: Translated_Pool) with Fixed Port Range and External range is 10.220.28.0/22 and internal range is 192.168.0.0/22
- Create firewall rule for Internal to VPN_1 and NAT to the IP Pool (Translated_Pool)
- Create firewall rule for VPN_1 to Internal with the destination being the Virtual IP
Now here is the problem:
- I need to do this for the second ISP which is using VPN_2 vpn tunnel. I cannot create another Virtual IP that is bound to VPN_2 because it complains about the range conflicting with the VPN_1 virtual ip.
- I cannot use a single virtual ip bound to "any" because it will case the internal network not to be able to communicate. (my assumption is because it is trying to translate everything on the 192.168.0.0/22 to the 10.220.28.0/22)
So what is the best way to accomplish this? I don't really want to create another Virtual IP with a totally separate subnet because that means I need two fake subnets on the other end.