I currently have a 3rd-party vendor connecting to us over a VPN to our colocation. I am trying to move that VPN to a Google Cloud Platform VPN. I can/have created a few VPNs to a project and that is all very simple.
My problem lies in the requirements of our 3rd-party vendor. They require that they send you traffic using the same IP as your VPN. For instance, if my VPN endpoint is 2.2.2.2/32 and the 3rd-party is 5.5.5.204/32, they expect to send me traffic to 2.2.2.2/32, to avoid overlapping CIDRs. I accept that traffic from the tunnel and use a source NAT to route it to the correct place. In turn, I use a destination NAT to route the traffic from a VLAN to the tunnel.
I am doing this using Juniper SRX and I understand the reason for the requirements; they are a huge vendor. Before we put in the request we want to be able to prove we can do it, and so far I am not able to create this configuration in testing with GCP.
Is this possible at all? It seems that there isn't any source NAT'ing at all. I have looked at Creating a static internal IP. I have looked at Protocol forwarding. Maybe protocol forwarding would work, but I don't see how if it does. I know that I am going to be receiving TCP traffic on a specific port. I am thinking that I could then create a target pool to forward that traffic to. I still have the problem that they will only be sending me traffic to an IP that is not in the network and I can't see how to get it over without a NAT.
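For readers comparing the two sides, here is an added Junos SRX configuration sketch of the NAT arrangement the question describes (the vendor sends to the tunnel endpoint address 2.2.2.2, the SRX rewrites that to an internal host, and replies leave the tunnel sourced from 2.2.2.2 again). It is illustrative and not the poster's configuration; the zone names (vpn, trust), the internal host 10.1.1.10/32, the local VLAN 10.1.1.0/24, the service port 8443 and all pool/rule names are assumptions, and the addresses 2.2.2.2 and 5.5.5.204 are the placeholders used in the question.

```junos
## Inbound: vendor -> 2.2.2.2:8443 arrives over the tunnel (zone vpn);
## rewrite the destination to the internal host (destination NAT).
## Assumed values: zone "vpn", host 10.1.1.10/32, port 8443.
set security nat destination pool vendor-svc-pool address 10.1.1.10/32
set security nat destination pool vendor-svc-pool address port 8443
set security nat destination rule-set from-vendor from zone vpn
set security nat destination rule-set from-vendor rule vendor-in match source-address 5.5.5.204/32
set security nat destination rule-set from-vendor rule vendor-in match destination-address 2.2.2.2/32
set security nat destination rule-set from-vendor rule vendor-in match destination-port 8443
set security nat destination rule-set from-vendor rule vendor-in then destination-nat pool vendor-svc-pool

## Outbound: anything from the local VLAN (zone trust) toward the vendor
## leaves the tunnel sourced from 2.2.2.2, so the vendor never sees our
## internal CIDR (source NAT). Assumed values: zone "trust", VLAN 10.1.1.0/24.
set security nat source pool vendor-src-pool address 2.2.2.2/32
set security nat source rule-set to-vendor from zone trust
set security nat source rule-set to-vendor to zone vpn
set security nat source rule-set to-vendor rule vendor-out match source-address 10.1.1.0/24
set security nat source rule-set to-vendor rule vendor-out match destination-address 5.5.5.204/32
set security nat source rule-set to-vendor rule vendor-out then source-nat pool vendor-src-pool

## Security policy: NAT alone does not permit traffic. Policies match on the
## post-destination-NAT address for inbound flows, so the inbound rule
## permits 5.5.5.204 -> 10.1.1.10 only on the single expected port.
set applications application vendor-svc protocol tcp
set applications application vendor-svc destination-port 8443
set security policies from-zone vpn to-zone trust policy vendor-in match source-address vendor-host
set security policies from-zone vpn to-zone trust policy vendor-in match destination-address internal-svc
set security policies from-zone vpn to-zone trust policy vendor-in match application vendor-svc
set security policies from-zone vpn to-zone trust policy vendor-in then permit
set security policies from-zone vpn to-zone trust policy vendor-in then log session-init session-close
set security policies from-zone trust to-zone vpn policy vendor-out match source-address local-vlan
set security policies from-zone trust to-zone vpn policy vendor-out match destination-address vendor-host
set security policies from-zone trust to-zone vpn policy vendor-out match application any
set security policies from-zone trust to-zone vpn policy vendor-out then permit

## Address-book entries referenced above (assumed names).
set security address-book global address vendor-host 5.5.5.204/32
set security address-book global address internal-svc 10.1.1.10/32
set security address-book global address local-vlan 10.1.1.0/24
```

The point of the sketch is the dependency the question turns on: both translations happen on the device that terminates the tunnel, so the vendor's route to 2.2.2.2/32 never has to exist inside the private network. A managed VPN endpoint that terminates IPsec but offers no NAT stage between the tunnel and the VPC has nowhere to put the equivalent of these two rule-sets, which is exactly the gap the poster is hitting. Logging session-init/session-close on the inbound policy is there so the single-port exposure to the vendor is auditable.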