My router has three interface fa0, fa1 and fa2. fa0 connects to the internal network. fa1 connects to the internet and fa2 connects to a customer network. This customer network requires me to access to their network only via NAT on fa2. Therefore I have "ip nat outside" on fa1 and fa2, and fa0 has "ip nat inside".
This works as expected.
The problem arises when the VPN users, who connect to the router via fa1 (internet interface), also wants to access to the cusomter network. In this case, I use "ip nat outside" to make NAT translation for VPN users like this :
# ip nat outside source list vpn-address-list pool customer-pool
but it does work at all.
Any advice is really appreciated.