
Where should I configure NAT exemption for AnyConnect Remote Access VPN?

SaintEvn
Level 1

Hi all,

We are planning to configure Cisco AnyConnect VPN on our Firepower. And in front of our Firepower, there are two ISR routers that are doing NAT.

What I would like to know is where should I configure NAT exemption? On Firepower or on the router?

As for now, we're planning to do NAT exemption and all other RA VPN configuration on Firepower.

After that we will configure port-forwarding on the ISR router for public access.

Are these the correct steps?

I've added our design in the attachment. Thank you so much

Accepted Solutions

Hi @SaintEvn 

The VPN clients terminate traffic on the FTD, so NAT exemption should be configured on the FTD. The routers would only ever see the encrypted traffic inbound to the FTD.

 

HTH


Thank you for your answer
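
The split described in the accepted solution, sketched as configuration. This is an added example, not taken from the original posts or the attached design; all addresses, object names and interface names are assumptions. The FTD part is shown in the ASA-style syntax that `show running-config nat` displays for a manual NAT rule created in FMC/FDM.

```cisco
! ---------------------------------------------------------------
! FTD: NAT exemption (identity NAT) for the AnyConnect pool.
! On FTD this is created as a manual NAT rule in FMC/FDM, not
! typed at the CLI; the lines below are the rendered equivalent.
! Assumed: inside LAN 10.10.0.0/16, VPN pool 10.99.0.0/24,
!          interface names "inside" and "outside".
! ---------------------------------------------------------------
object network INSIDE_NET
 subnet 10.10.0.0 255.255.0.0
object network VPN_POOL
 subnet 10.99.0.0 255.255.255.0
!
! Source and destination are both translated to themselves, so
! decrypted VPN traffic to the LAN (and its replies) bypasses any
! dynamic PAT rule. route-lookup makes the FTD use its routing
! table for egress instead of the interface named in the rule.
nat (inside,outside) source static INSIDE_NET INSIDE_NET destination static VPN_POOL VPN_POOL no-proxy-arp route-lookup
!
! ---------------------------------------------------------------
! ISR router (IOS): no NAT exemption here. The router only sees
! the encrypted tunnel, so it just forwards the AnyConnect ports
! to the FTD outside interface.
! Assumed: FTD outside address 192.168.100.2,
!          router WAN interface GigabitEthernet0/0.
! ---------------------------------------------------------------
! TLS tunnel (TCP 443)
ip nat inside source static tcp 192.168.100.2 443 interface GigabitEthernet0/0 443
! DTLS tunnel (UDP 443)
ip nat inside source static udp 192.168.100.2 443 interface GigabitEthernet0/0 443
```

After deployment, `show nat detail` on the FTD should list the exemption above any dynamic PAT rule, since manual NAT rules are evaluated in order.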
