FTD VPN Question

benolyndav (Level 4)

Hi

Quick query.

We have a VPN across the Internet to a third party from our FTD. If I don't add a NAT exemption rule for the 172.16.x.x network, does the traffic get NATted to the Outside interface natively?

Thanks

Accepted Solution

@benolyndav yes, it's more than likely to unintentionally be translated behind the outside interface. So you will need a NAT exemption rule to ensure it does not.

3 Replies

If it is a S2S VPN, then you need NAT for UDP ports 500/4500; this NAT is for the tunnel heads.

If it is a RA VPN, the VPN pool the client uses is hidden, so you don't need a no-NAT rule for the VPN pool, but you also need NAT only for the tunnel head.

MHM

Marvin Rhoads (Hall of Fame)

As others have noted, if you have a dynamic interface NAT then you most likely need to exempt the interesting VPN traffic from that rule.

Refer to the FTD order of operations below where you can see in the outbound traffic flow that NAT policy is applied prior to VPN encryption.

[Figure: FTD order of operations, courtesy of Nazmul Rajib]
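To make the order-of-operations point above concrete, here is a small added model (not Cisco code, not the FTD's real NAT engine, and not from anyone in this thread) of how the ASA/FTD NAT table is walked for an outbound flow: section 1 manual rules first, then section 2 auto/object NAT, then section 3 manual after-auto rules, first match wins. The interface names, rule names and the addresses 172.16.0.0/16, 10.20.0.0/24 and 203.0.113.2 are constructed for the example. It shows the same inside host hitting the dynamic interface PAT rule when no exemption exists, and being left untranslated once a manual identity (no-NAT) rule for the VPN peer network sits in section 1.

```python
"""
Toy model of ASA/FTD NAT rule selection for an outbound packet, used to show
why traffic bound for a site-to-site VPN peer needs a NAT exemption rule.

Added illustration only: this is not Cisco code and not the real NAT engine.
All interface names, rule names and addresses below are made up.
"""
import ipaddress
from dataclasses import dataclass
from typing import Optional


@dataclass
class NatRule:
    name: str
    section: int                # 1 = manual (before auto), 2 = auto/object NAT, 3 = manual (after auto)
    src_iface: str
    dst_iface: str
    orig_src: str               # real source must fall inside this network
    orig_dst: Optional[str]     # real destination must fall inside this network (None = any)
    xlate_src: Optional[str]    # translated source, or None for an identity (no-NAT) rule

    def matches(self, src_iface, dst_iface, src_ip, dst_ip):
        if (self.src_iface, self.dst_iface) != (src_iface, dst_iface):
            return False
        if src_ip not in ipaddress.ip_network(self.orig_src):
            return False
        if self.orig_dst is not None and dst_ip not in ipaddress.ip_network(self.orig_dst):
            return False
        return True


def lookup(rules, src_iface, dst_iface, src, dst):
    """Return (rule_name, source address after NAT).

    Sections are evaluated 1 -> 2 -> 3 as on ASA/FTD; inside a section the
    table order is kept, and the first matching rule wins.
    """
    src_ip, dst_ip = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for section in (1, 2, 3):
        for r in rules:
            if r.section == section and r.matches(src_iface, dst_iface, src_ip, dst_ip):
                return r.name, (src if r.xlate_src is None else r.xlate_src)
    return None, src  # no rule hit: packet leaves with its real source


# Constructed policy A: only the usual inside -> outside dynamic interface PAT (auto NAT).
PAT_ONLY = [
    NatRule("inside-pat", 2, "inside", "outside", "172.16.0.0/16", None, "203.0.113.2"),
]

# Constructed policy B: same PAT plus a manual identity rule in section 1 that
# matches inside hosts talking to the VPN peer's 10.20.0.0/24 network.
WITH_EXEMPTION = [
    NatRule("vpn-exempt", 1, "inside", "outside", "172.16.0.0/16", "10.20.0.0/24", None),
] + PAT_ONLY


def vpn_source_after_nat(rules, src="172.16.1.10", dst="10.20.0.5"):
    """Source address the VPN peer would see for one inside host, under a given policy."""
    return lookup(rules, "inside", "outside", src, dst)


if __name__ == "__main__":
    for label, rules in (("no exemption", PAT_ONLY), ("with exemption", WITH_EXEMPTION)):
        rule, xsrc = vpn_source_after_nat(rules)
        print(f"{label:15s} hit={rule!s:12s} source on the wire={xsrc}")
```

With PAT_ONLY the host 172.16.1.10 leaves as 203.0.113.2, so it no longer matches the 172.16.x.x source in the crypto ACL / protected-network definition and is sent in the clear instead of through the tunnel; with WITH_EXEMPTION the section-1 identity rule wins and the real address is preserved. Note that the exemption is still scoped by destination: the same host going to 8.8.8.8 falls through to the PAT rule as intended.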
