Hi, need to do translate destination address (destination NAT) of a packet before entering the VPN IPSEC Tunnel. This is our topology: Client A -------X-| Fortigate | -Y------(VPN)--------| SonicWall |-Z----------Server B Client A: 10.1.1.1 Server B: 10.2.2.2 Server as seen by client: 10.10.10.2 Client A sends packet to Server B: Packet at " X" interface: IPsource: 10.1.1.1 IPdest: 10.10.10.2 Would like to have packet at " Z" IPsource 10.1.1.1 IPdest: 10.2.2.2 -Cannot change configuration on SonicWall ( nor substitute it with Fortigate), -Cannot operate on DNS name resolution -Would really need to change destination address on Fortigate before the packet enters VPN tunnel Have tried using VIP (applied on interface " X" ) but packets seen on " Y" VPN interface ( diagnose sniffer packet interface VPN) are not translated Thank You very much