Three sites (1, 2, 3) all running R77.30.
Site2 acts a VPN hub, with both Site1 and Site3 having tunnels (to center only) established to Site2.
We're trying to access Site3 from Site1 with the NAT rule on Site2:
Original Source: 126.96.36.199
Original Destination: 188.8.131.52
Translated Source: 184.108.40.206 (Hide)
Translation Destination: 220.127.116.11 (Hide)
Is this the right way to do it?
The NAT rule works. We see traffic encrypted from 18.104.22.168 to 22.214.171.124, but from 126.96.36.199 to 188.8.131.52, according to the tracker, it's sent in a clear text (just says Accept), although the rule number is correct and it's set to encrypt anything from 184.108.40.206 to 220.127.116.11 using Site2-to-Site3 VPN community.