NAT Network for IPSEC tunnel

Hi Everyone,

I am new to this forum and I hope i will heve your support in finding a solution on my issue.
So, i have configured several Peers on my Vyos and I am going to configure a new one for a customer.
He has unfortunately same internal network as my local prefix and that´s why I need to NAT this network but I don´t know how to do it on Vyos. In addiction, will it cause some sort of issues on the other Peers?

In the configuration below I just exported one of out of the 4 Tunnel I created as an example. So how do I NAT the network:
vpn {
ipsec {
esp-group esp {
compression disable
lifetime 3600
mode tunnel
pfs enable
proposal 1 {
encryption aes128
hash sha256
ike-group ike {
dead-peer-detection {
action restart
interval 15
timeout 60
ikev2-reauth no
key-exchange ikev1
lifetime 28800
proposal 1 {
dh-group 5
encryption aes128
hash sha256
peer x.x.x.x {
authentication {
mode pre-shared-secret
connection-type initiate
default-esp-group esp
description vE-K
ike-group ike
ikev2-reauth inherit
local-address y.y.y.y
tunnel 1 {
allow-nat-networks disable
allow-public-networks disable
local {
remote {

thank you in advance :slight_smile:


You could configure IPSec VTI and hide subnets behind tunnel IP-address.

NAT: VyOS User Guide — VyOS 1.3.x (equuleus) documentation