Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1799
Views
5
Helpful
2
Replies

Where should I configure NAT exemption for AnyConnect Remote Access VPN ?

Go to solution
SaintEvn
Level 1
Level 1

‎12-31-2020 09:27 AM - edited ‎12-31-2020 09:28 AM

Hi all,

 

We are planning to configure Cisco AnyConnect VPN on our Firepower. And in front of our Firepower, there are two ISR routers that is doing NAT.

What I would like to know is where should I configure NAT exemption? On firepower or on Router?

 

As for now, we’re planning to do NAT exemption and all other RA VPN configuration on firepower.

After that we will configure port-forwarding on ISR router for public access.

Is it the correct steps?

I've added our design in the attachment . Thank you so much

Preview file
12 KB
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Rob Ingram
VIP
VIP

‎12-31-2020 09:32 AM

Hi @SaintEvn 

The VPN clients terminate traffic on the FTD, so NAT exemption should be configured on the FTD. The routers would only ever see the encrypted traffic inbound to the FTD.

 

HTH

View solution in original post

2 Replies 2

Go to solution
Rob Ingram
VIP
VIP

‎12-31-2020 09:32 AM

Hi @SaintEvn 

The VPN clients terminate traffic on the FTD, so NAT exemption should be configured on the FTD. The routers would only ever see the encrypted traffic inbound to the FTD.

 

HTH

Go to solution
SaintEvn
Level 1
Level 1
In response to Rob Ingram

‎12-31-2020 09:42 AM

Thank you for your answer

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card