Hello Everyone,

I am working on a Cisco ASA Firewall migration with an MX 250 for our corporate office location, and have a few VPN queries, listed below.

Setup: MX 250 configured in Routed mode, as it needs to provide both Firewall and VPN functions, as well as act as a gateway for all the internal (user/application) network subnets. We have multiple VPN tunnels, with the local and remote IP subnets customized on a per-tunnel basis (only the required host/application IP addresses are permitted in the local/remote encryption domain).

Queries:

1) Scenario: Non-Meraki VPN tunnel
Requirement: Customize the local encryption IP address (specify a /32, or multiple hosts/smaller subnets) to the remote network. Is this supported?

2) Scenario: Multiple non-Meraki VPN tunnels
Requirement: Specify the VPN local encryption domain on a per-tunnel basis. Is this supported? (Instead of a global VPN local subnet selection with restriction only at the Firewall rule.)

3) Scenario: Non-Meraki VPN with NAT
Requirement 1: Many-to-1 NAT for outbound VPN connections, advertising only the NAT IP address to the remote peer. Is this supported?
Requirement 2: 1-to-1 NAT for inbound VPN flows, advertising only the NAT IP address to the remote peer. Is this supported?
Requirement 3: Is VPN NAT with a private IP supported, extending only the NAT private IP to the remote peer VPN?
Requirement 4: Is VPN NAT with a public IP supported, extending only the NAT public IP to the remote peer VPN?

Are the above requirements achievable? Any thoughts?