We have a basic internet IPsec VPN setup between our remotes and corporate. One of our vendors will now require a VPN connection to connect to them. They have provided a SonicWall firewall for the connection. I've attached the network diagram. We are a cascaded network (option b), but why is the NAT or PAT required? Wouldn't the Netgate bounce traffic it didn't know what to do with back to the firewall, and then the firewall send it to the appropriate device through the network?