12-31-2020 09:27 AM - edited 12-31-2020 09:28 AM
Hi all,
We are planning to configure Cisco AnyConnect VPN on our Firepower. In front of our Firepower, there are two ISR routers that are doing NAT.
What I would like to know is where I should configure NAT exemption: on the Firepower or on the router?
As of now, we're planning to do NAT exemption and all other RA VPN configuration on the Firepower.
After that, we will configure port forwarding on the ISR router for public access.
Are these the correct steps?
I've added our design in the attachment. Thank you so much.
12-31-2020 09:32 AM
Hi @SaintEvn
The VPN clients terminate traffic on the FTD, so NAT exemption should be configured on the FTD. The routers would only ever see the encrypted traffic inbound to the FTD.
HTH
12-31-2020 09:42 AM
Thank you for your answer