Want to connect the VPN between 3 sites like below
BranchA(SSG140) <-> HA(SSG140) <-> BranchB(Palo Alto PA-820)
The VPN between the branch and HA were establish. Problem is how to make Branch A and B communicate through HA.
Found a link from Cisco website which demonstrate this situation.
It mention "hairpin NAT" which I never heard of it before. My existing VPN no need any NAT policy.
Is the "hairpin NAT" a necessary setting for this situation?