Support Forum
polkop25
New Contributor

vpn ipsec and NAT

Hello, I need to set up an IPsec VPN connection. E.g. my internal subnet is 192.168.14.0/24, but I can't use this subnet address in the VPN connection, because on the other side the whole 192.168.x.x subnet is already in use. I must use NAT. How can I use NAT with a VPN connection? The NAT must be to a /24 in 10.x.x.x.

I kindly ask for a solution for the devices FortiGate 80C, FortiGate 80D and FortiWiFi 50B.

Best Regards
Polkop
rwpatterson
Valued Contributor III

The easiest thing to do would be to change your inside IP network to another private LAN space...172.[16-31].x.x/24, or 10.x.x.x/24. That would solve this problem once and for all, without any NAT needing to be done.

Bob - self proclaimed posting junkie!
See my Fortigate related scripts at: http://fortigate.camerabob.com
Rick_H
New Contributor III

While I agree with Bob that the 192.168.x.x IP space is overused and should be avoided when possible, I do not agree that it is the easiest thing to change. Even if you use another private IP space there is always a chance that you will find overlap with a network with which you need to set up a VPN. You should migrate to something else if possible, though.

Most of my IPsec VPNs are to vendors or associate organizations that I do not want to expose my internal IP scheme to. So, I use NAT on all of those IPsec VPN connections. All day every day. What I don't do is NAT entire subnets in these cases. I only include NAT rules for "interesting traffic" (i.e., traffic for individual nodes that need to communicate across the VPN). If that is an option for you then it might make the setup easier.

Since you have subnet overlap in your particular situation you will have to write translations for both directions. Use Virtual IPs for policies controlling traffic that is remotely sourced and inbound to your network. If needed, use IP Pools for policies controlling locally sourced and outbound traffic. Use the translated addresses in your Phase 2 definitions of your IPsec VPNs. If you're using Interface Mode VPNs then make sure you set up routes for your translated addresses to point down the correct virtual VPN interfaces.

I hope that helps get you started.
rwpatterson
Valued Contributor III

Fair enough. I made the assumption that the issue was between his small network with a few nodes and a larger corporate infrastructure. Changing out a few nodes is a piece of cake...

Bob - self proclaimed posting junkie!
See my Fortigate related scripts at: http://fortigate.camerabob.com
polkop25
New Contributor

Hello,

Thank you all for your advice. Yes, I need to set up a VPN network between my subnet and the corporate network. But in my network I have more than 150 nodes, and other VPN connections, so I can't change my subnet address. So, I need to be sure how to create this VPN connection using NAT, and I give you an example (imaginary sample data):

Corporation WAN: 73.122.40.151
Internal subnet: 192.168.160.0/24

My subnet WAN: 84.169.15.6
Internal subnet: 192.168.14.0/24

My virtual translated subnet will be: 10.114.1.0/24

Steps that I must create:

1. Create the VPN connection and in phase 2 put my translated address, i.e. 10.114.1.0
Name: vpn_corporation
Phase 1 (IP address): 73.122.40.151
Phase 2 (Source Address): 10.114.1.0/24, Source Port: 0
(Destination Address): 192.168.160.0/24, Destination Port: 0
Protocol: 0

2. Create Virtual IPs (two virtual IPs)
Name: Corporation IN
External Interface: vpn_corporation
Type: Static NAT
External IP Address/Range: 10.114.1.1 - 10.114.1.255
Mapped IP Address/Range: 192.168.14.1 - 192.168.14.255

Name: Corporation OUT
External Interface: vpn_corporation
Type: Static NAT
External IP Address/Range: 192.168.14.1 - 192.168.14.255
Mapped IP Address/Range: 10.114.1.1 - 10.114.1.255

3. Add policies to the firewall
Internal -> vpn_corporation
source address: all
destination address: all
service: ANY
Action: Accept
Enable NAT

vpn_corporation -> Internal
source address: 192.168.160.0/24
destination address: 10.114.1.0/24
service: ANY
Action: Accept
Enable NAT

4. Finish

Questions: Is that all? Did I forget something or make a mistake? I also want to do accurate mapping of my source addresses to translated addresses, e.g. the printer which has address 192.168.14.40 should have address 10.114.1.40, and all my devices also in this way. How can I do that?
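As an added illustration that is not part of this thread and not FortiGate code, the following Python script models the address plan described in Rick_H's reply (translate both directions, put the translated addresses in the phase 2 selector) and worked through in polkop25's steps above, using polkop25's imaginary sample addresses as constructed input. The helper names (nat_required, check_translated, translate, outbound, inbound, in_phase2_selector, one_to_one_table) are hypothetical; the one-to-one mapping keeps the host part, which is exactly the "printer 192.168.14.40 becomes 10.114.1.40" behaviour asked for in the last post, and the selector check shows why a packet that was not translated never matches the tunnel.

```python
"""Model of one-to-one NAT across an IPsec tunnel between overlapping LANs.

Added example, not from the forum thread and not FortiOS configuration.
Addresses are the imaginary sample data from polkop25's post.
"""
import ipaddress

# Constructed sample data (polkop25's imaginary example).
LOCAL = ipaddress.ip_network("192.168.14.0/24")        # real LAN behind our FortiGate
TRANSLATED = ipaddress.ip_network("10.114.1.0/24")     # what the corporate side sees us as
REMOTE_LAN = ipaddress.ip_network("192.168.160.0/24")  # corporate LAN, phase 2 destination
REMOTE_USED = ipaddress.ip_network("192.168.0.0/16")   # space already in use on the corporate side


def nat_required(local, remote_used):
    """True when our LAN collides with space the far side already uses,
    so plain routing over the tunnel cannot work and NAT is needed."""
    return local.overlaps(remote_used)


def check_translated(local, translated, remote_used):
    """Problems with the chosen translated subnet; an empty list means it is usable."""
    problems = []
    if translated.overlaps(remote_used):
        problems.append(f"{translated} overlaps the remote side's space {remote_used}")
    if translated.overlaps(local):
        problems.append(f"{translated} overlaps the local LAN {local}")
    if translated.prefixlen != local.prefixlen:
        problems.append("one-to-one NAT needs the translated subnet to be the same size as the local one")
    return problems


def translate(addr, from_net, to_net):
    """Map addr from from_net into to_net, keeping the host part
    (192.168.14.40 -> 10.114.1.40). Raises ValueError for addresses outside from_net."""
    addr = ipaddress.ip_address(addr)
    if addr not in from_net:
        raise ValueError(f"{addr} is not in {from_net}")
    offset = int(addr) - int(from_net.network_address)
    return to_net.network_address + offset


def outbound(src, dst):
    """Locally sourced packet heading into the tunnel: source NAT
    (the 'IP pool' direction in Rick_H's reply). Returns (src, dst) after NAT."""
    return str(translate(src, LOCAL, TRANSLATED)), str(ipaddress.ip_address(dst))


def inbound(src, dst):
    """Remotely sourced packet arriving from the tunnel: destination NAT
    (the 'Virtual IP' direction). Returns (src, dst) after NAT."""
    return str(ipaddress.ip_address(src)), str(translate(dst, TRANSLATED, LOCAL))


def in_phase2_selector(src, dst):
    """Does this (already translated) packet match the phase 2 selector
    TRANSLATED -> REMOTE_LAN? Untranslated 192.168.14.x sources do not, so they
    never enter the tunnel; that is why the selector must use the translated subnet."""
    return ipaddress.ip_address(src) in TRANSLATED and ipaddress.ip_address(dst) in REMOTE_LAN


def one_to_one_table(local=LOCAL, translated=TRANSLATED):
    """Full host-by-host mapping: every local host address and the address the
    corporate side will see for it (network and broadcast addresses excluded)."""
    return {str(h): str(translate(h, local, translated)) for h in local.hosts()}


if __name__ == "__main__":
    print("NAT required:", nat_required(LOCAL, REMOTE_USED))
    print("plan problems:", check_translated(LOCAL, TRANSLATED, REMOTE_USED) or "none")
    print("printer -> corporate host after SNAT:", outbound("192.168.14.40", "192.168.160.10"))
    print("reply from corporate host after DNAT:", inbound("192.168.160.10", "10.114.1.40"))
    print("translated packet matches phase 2:", in_phase2_selector("10.114.1.40", "192.168.160.10"))
    print("untranslated packet matches phase 2:", in_phase2_selector("192.168.14.40", "192.168.160.10"))
    table = one_to_one_table()
    print("hosts mapped:", len(table), "e.g. 192.168.14.40 ->", table["192.168.14.40"])
```

Running the script with the sample data reports that NAT is required (192.168.14.0/24 sits inside the corporate side's 192.168.0.0/16), that 10.114.1.0/24 is a usable translated subnet, and prints the two translation directions; the table it builds is the per-host list a static one-to-one VIP or one-to-one IP pool has to reproduce, and the phase 2 check makes the "use the translated addresses in your Phase 2 definitions" point concrete.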