System and method for communicating in an ssl vpn
US-2016226815-A1 · Aug 4, 2016 · US
US2016277359A1 · US · A1
| Field | Value |
|---|---|
| Publication number | US-2016277359-A1 |
| Application number | US-201615073328-A |
| Country | US |
| Kind code | A1 |
| Filing date | Mar 17, 2016 |
| Priority date | Mar 20, 2015 |
| Publication date | Sep 22, 2016 |
| Grant date | — |
Official abstract text for this publication.
Techniques described herein convert mobile traffic between different types of VPN protocols, including IP and Transport. In an embodiment, a security proxy associated with a server receives a packet associated with a client app on a device, the packet including a source identifier and a destination identifier. The security proxy reassigns a tunnel identifier as the source and a node identifier as the destination, then stores a correlation of the tunnel identifier, the source identifier, and the destination identifier. The security proxy forwards the packet to the node inside the security proxy, and determines the destination identifier based on the correlation. The node then forwards the packet to the destination. This allows for multiple devices to use a same source identifier, e.g., same IP address. In some embodiments, a secure connection is established and/or the device and server are mutually authenticated prior to the processing of the packets.
Claims (full text).
What is claimed is:
1. A method of providing secure access to a server, comprising: receiving, by a security proxy, a packet associated with a client app on a device, the packet including a source identifier for a source of the packet and a destination identifier for a destination of the packet, the destination being the server; reassigning a tunnel identifier as the source of the packet and a node identifier as the destination of the packet, the node identifier being associated with a node inside the security proxy; storing a correlation of the tunnel identifier, the source identifier, and the destination identifier; forwarding the packet to the node inside the security proxy; determining, using the correlation, the destination identifier; and using the node to forward the packet to the destination.
2. The method of claim 1, wherein the reassignment includes removing association of the packet with the source identifier and the destination identifier.
3. The method of claim 1, wherein the reassignment is performed using a network address translator to translate the destination identifier to the tunnel identifier.
4. The method of claim 1, wherein the storing includes caching the correlation.
5. The method of claim 1, wherein the forwarding is performed using a virtual tunnel interface.
6. The method of claim 1, wherein at least two devices connecting to the server use the source identifier.
7. The method of claim 1, wherein the tunnel identifier is selected from a pool of addresses.
8. The method of claim 1, further comprising: receiving a subsequent packet associated with the client app; wherein the reassigning includes using the tunnel identifier as a source of the subsequent packet.
9. The method of claim 1, further comprising: receiving a packet associated with another client app; determining whether a connection associated with the other client app has been established; and if the connection has not been established, establishing the connection and assigning a second tunnel identifier as a source of the packet associated with the other client app; wherein the second tunnel identifier is different from the tunnel identifier assigned to the first client app.
10. The method of claim 1, wherein the source identifier is a device address and the destination identifier is a server address.
11. The method of claim 1, wherein the tunnel identifier is associated with a connection over which the packet is received.
12. The method of claim 1, wherein the node identifier is associated with a loopback address and the node includes a port.
13. The method of claim 1, further comprising: receiving a request to establish a connection over which the packet is receivable, the request being associated with the client app on the device; creating a virtual tunnel interface in the security proxy; and using a secure tunnel between the device and the security proxy to establish the connection.
14. The method of claim 13, wherein an address of the virtual tunnel interface is in a same subnet as the tunnel identifier.
15. The method of claim 13, wherein information associated with the secure tunnel is used to determine that the requesting client app is authorized to access the server from the device and to obtain from an identity provider associated with the server a security token to be used by the client app to authenticate the server.
16. The method of claim 1, further comprising: receiving, by a port in the security proxy, a return packet associated with the server; determining a return tunnel identifier based on the port on which the return packet is received and the stored correlation; determining, using a network address translator, a return destination identifier based on the return tunnel identifier; and forwarding the return packet to the client app.
17. A system for providing secure access to a server, comprising: a communication interface configured to receive a packet associated with a client app on a device, the packet including a source identifier for a source of the packet and a destination identifier for a destination of the packet, the destination being the server; and a processor coupled to the communication interface and configured to: reassign a tunnel identifier as the source of the packet and a node identifier as the destination of the packet, the node identifier being associated with a node inside the processor; store a correlation of the tunnel identifier, the source identifier, and the destination identifier; forward the packet to the node inside the processor; determine, using the correlation, the destination identifier; and use the node to forward the packet to the destination.
18. The system of claim 17, wherein a virtual tunnel interface is in a same subnet as the tunnel identifier.
19. The system of claim 17, wherein a plurality of virtual tunnel interfaces corresponds to a plurality of devices and at least two of the plurality of devices use the source identifier.
20. A computer program product for providing secure access to a server, the computer program product being embodied in a non-transitory computer readable storage medium and comprising computer instructions for: receiving, by a security proxy, a packet associated with a client app on a device, the packet including a source identifier for a source of the packet and a destination identifier for a destination of the packet, the destination being the server; reassigning a tunnel identifier as the source of the packet and a node identifier as the destination of the packet, the node identifier being associated with a node inside the security proxy; storing a correlation of the tunnel identifier, the source identifier, and the destination identifier; forwarding the packet to the node inside the security proxy; determining, using the correlation, the destination identifier; and using the node to forward the packet to the destination.
21. The computer program product of claim 20, wherein at least two devices connecting to the destination use the source identifier.
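The abstract and claims 1, 6 to 9, 12 and 16 describe a stateful rewrite: the proxy replaces the packet's source with a pooled tunnel identifier and its destination with a loopback node port, stores the correlation, lets the node recover the real server, and on the return path uses the node port to find the tunnel again. The following is an added example written for this page, not code from the patent or its assignee; it models that table in memory so the overlapping-address case of claim 6 can be traced. The class and field names, the connection identifier, the 172.16.0.0/24 pool, the loopback port range and the sample addresses are all this example's assumptions.

```python
# Added example, not the patent's own code: an in-memory model of the
# reassignment-and-correlation logic of claims 1, 7, 8, 9, 12 and 16.
# All identifiers (SecurityProxy, conn_id, pool, ports) are assumptions.
from dataclasses import dataclass
from itertools import count


@dataclass(frozen=True)
class Packet:
    src: str       # "ip:port" as written in the packet
    dst: str       # "ip:port" as written in the packet
    payload: bytes


@dataclass(frozen=True)
class Correlation:
    tunnel_id: str        # address drawn from the proxy's tunnel pool (claim 7)
    source_id: str        # the app's own source address, possibly shared (claim 6)
    destination_id: str   # the real server address the app asked for
    node_port: int        # loopback port of the node inside the proxy (claim 12)


class SecurityProxy:
    """Rewrites (src, dst) -> (tunnel id, node) and keeps the correlation so the
    node can still reach the real server and replies map back to the right
    secure tunnel even when several devices share one source address."""

    def __init__(self, tunnel_pool, node_ip="127.0.0.1", first_port=40000):
        self._pool = list(tunnel_pool)      # free tunnel identifiers
        self._ports = count(first_port)     # next loopback port for a new flow
        self._node_ip = node_ip
        self._tunnel_of_conn = {}           # conn_id -> tunnel_id (claim 11)
        self._conn_of_tunnel = {}           # tunnel_id -> conn_id
        self._port_of_flow = {}             # (tunnel_id, src, dst) -> node_port
        self._corr_of_port = {}             # node_port -> Correlation (claim 16)

    def establish(self, conn_id):
        """Secure tunnel for one client app is up (claim 13); every new
        connection gets its own tunnel id from the pool (claim 9)."""
        if conn_id in self._tunnel_of_conn:
            return self._tunnel_of_conn[conn_id]
        if not self._pool:
            raise RuntimeError("tunnel address pool exhausted")
        tunnel_id = self._pool.pop(0)
        self._tunnel_of_conn[conn_id] = tunnel_id
        self._conn_of_tunnel[tunnel_id] = conn_id
        return tunnel_id

    def inbound(self, conn_id, pkt):
        """Claim 1, device -> server: return the packet as the node sees it,
        source = tunnel id, destination = node loopback address."""
        tunnel_id = self.establish(conn_id)
        flow = (tunnel_id, pkt.src, pkt.dst)
        port = self._port_of_flow.get(flow)
        if port is None:                    # first packet of this flow
            port = next(self._ports)
            self._port_of_flow[flow] = port
            self._corr_of_port[port] = Correlation(tunnel_id, pkt.src, pkt.dst, port)
        # later packets of the same flow reuse tunnel id and port (claim 8)
        return Packet(tunnel_id, f"{self._node_ip}:{port}", pkt.payload)

    def node_forward(self, pkt):
        """The node recovers the real destination from the stored correlation
        and forwards; the server sees the node port as the sender."""
        port = int(pkt.dst.rsplit(":", 1)[1])
        corr = self._corr_of_port[port]
        return Packet(pkt.dst, corr.destination_id, pkt.payload)

    def outbound(self, pkt):
        """Claim 16, server -> device: the node port selects the correlation,
        the tunnel id selects the secure tunnel, the NAT restores the app's
        address. Returns None (drop) for an unknown port or a sender that is
        not the correlated server, so a stray host cannot inject replies."""
        port = int(pkt.dst.rsplit(":", 1)[1])
        corr = self._corr_of_port.get(port)
        if corr is None or pkt.src != corr.destination_id:
            return None
        conn_id = self._conn_of_tunnel[corr.tunnel_id]
        return conn_id, Packet(corr.destination_id, corr.source_id, pkt.payload)


def demo():
    """Two devices that both use 10.0.0.5:51000 (constructed sample, claim 6)
    reach the same server through one proxy without colliding."""
    proxy = SecurityProxy(tunnel_pool=["172.16.0.10", "172.16.0.11"])
    server = "203.0.113.10:443"
    a = proxy.inbound("device-A/mail-app", Packet("10.0.0.5:51000", server, b"A"))
    b = proxy.inbound("device-B/mail-app", Packet("10.0.0.5:51000", server, b"B"))
    fwd_b = proxy.node_forward(b)
    # the server replies to the port it saw; the proxy routes it to device B only
    conn_b, back_b = proxy.outbound(Packet(server, fwd_b.src, b"reply"))
    return {
        "a": (a.src, a.dst), "b": (b.src, b.dst),
        "reply_conn": conn_b, "reply": (back_b.src, back_b.dst),
        "stray": proxy.outbound(Packet("198.51.100.7:443", fwd_b.src, b"x")),
    }
```

The sender check in `outbound` is the practitioner's addition rather than something the claims require: claim 16 keys the return path on the node port alone, and a real implementation that does the same without also matching the server address behaves like a full-cone NAT, letting any host that learns a port number push packets into a device's tunnel. Pool exhaustion in `establish` is the other failure mode worth handling explicitly, since claim 7's address pool is finite and a proxy that silently reuses a tunnel identifier would cross-wire two clients.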
Virtual private networks · CPC title
Filtering by address, protocol, port number or service, e.g. IP-address or URL · CPC title
Session establishment or de-establishment · CPC title
Proxies · CPC title
Electricity · mapped topic
Related publications grouped by family.