12-03-2014 11:49 PM - edited 03-11-2019 10:10 PM
12-04-2014 02:44 AM
Hi,
The most typical situation which requires a NAT Exemption (or NAT0) configuration on a firewall/vpn device is when you are using L2L VPN and VPN Client connections.
Now let's consider a situation where you have a firewall/vpn device simply to act as a firewall between the internal and external networks. The NAT configuration at its most basic will contain a Dynamic PAT/NAT configuration which will NAT any connections coming from the internal network to the external network to a specific public IP address. Now if you were to have a L2L VPN connection configured on the same device to connect some remote site/location to your local office it would typically mean that you would want to connect to the hosts on the remote site with their local IP addresses, right? Now what happens without configuring NAT Exemption is that connections towards the remote site will get NATed to the same public IP address that any other traffic heading to the external network will get NATed to.
This is where NAT Exemption comes in. You will essentially configure the firewall/vpn device so that it will NOT perform NAT between certain hosts/subnets. So if for example you had a local subnet 10.10.10.0/24 and remote subnet 10.10.20.0/24 you would configure NAT Exemption between these subnets. When connections are attempted between these subnets the firewall/vpn device would then match the connections to the NAT Exemption and ignore performing any NAT. This would enable the hosts to connect to each other with their actual IP addresses from the subnets I mentioned.
To boil the answer down to one sentence it would be this: NAT Exemption is a mechanism on a firewall/vpn device to avoid performing NAT in a situation where otherwise the device would perform NAT.
Hope I made any sense. Hope it helps :)
Please do remember to mark a reply as the correct answer if it answered your question or feel free to ask more if needed.
- Jouni
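The behaviour described in the reply above, modelled as an added example that is not part of the original post or any vendor's code: a small NAT rule table showing what happens to 10.10.10.0/24 to 10.10.20.0/24 traffic with and without an exemption, plus a check for an exemption that a broader PAT rule shadows. Assumptions: rules are evaluated first-match, the tunnel selects traffic by the two subnets' real addresses, and `PUBLIC_IP` and all function names are constructed for illustration.

```python
import ipaddress as ip

LOCAL = ip.ip_network("10.10.10.0/24")     # local subnet from the post
REMOTE = ip.ip_network("10.10.20.0/24")    # remote subnet from the post
PUBLIC_IP = ip.ip_address("203.0.113.10")  # constructed PAT address (documentation range)
ANY = ip.ip_network("0.0.0.0/0")

# Rule: (name, source net, destination net, translated source; None means "do not NAT")
DYNAMIC_PAT = ("dynamic-pat", LOCAL, ANY, PUBLIC_IP)
NAT_EXEMPT = ("nat-exempt", LOCAL, REMOTE, None)


def translate(rules, src, dst):
    """Return (rule name, source address after NAT), assuming first-match evaluation."""
    src, dst = ip.ip_address(src), ip.ip_address(dst)
    for name, src_net, dst_net, mapped in rules:
        if src in src_net and dst in dst_net:
            return name, (src if mapped is None else mapped)
    return "no-match", src


def enters_tunnel(rules, src, dst):
    """True if the post-NAT packet still matches the assumed selector LOCAL -> REMOTE."""
    _, nat_src = translate(rules, src, dst)
    return nat_src in LOCAL and ip.ip_address(dst) in REMOTE


def shadowed_exemptions(rules):
    """Names of exemption rules that sit after a translating rule covering the same traffic."""
    hits = []
    for i, (name, s, d, mapped) in enumerate(rules):
        if mapped is None and any(
            m is not None and s.subnet_of(ps) and d.subnet_of(pd)
            for _, ps, pd, m in rules[:i]
        ):
            hits.append(name)
    return hits


if __name__ == "__main__":
    cases = [("PAT only", [DYNAMIC_PAT]),
             ("exempt first", [NAT_EXEMPT, DYNAMIC_PAT]),
             ("exempt last", [DYNAMIC_PAT, NAT_EXEMPT])]
    for label, rules in cases:
        print(label, translate(rules, "10.10.10.5", "10.10.20.7"),
              enters_tunnel(rules, "10.10.10.5", "10.10.20.7"),
              shadowed_exemptions(rules))
```

On a device that evaluates NAT rules in order, a non-empty result from `shadowed_exemptions` means the exemption is configured but never takes effect.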
12-08-2014 08:03 PM
Thanks...