Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
392
Views
0
Helpful
1
Replies

AnyConnect - How should this traffic be interpreted on the ASA?

Eric Snijders
Level 1
Level 1

‎11-08-2017 01:45 AM - edited ‎03-12-2019 04:43 AM

We have a ASA running AnyConnect and this is working fine, but i was wondering how i should interpret traffic coming from the AnyConnect subnet.

 

For example:

- ASA01 is running the AnyConnect (let's say: 10.0.0.0/24)

- ASA01 has a static route to the 192.168.1.0/24

- ASA01 also has a static NAT for 192.168.1.1 to 172.16.1.1

 

What will happen when i send a packet from my AnyConnect client (10.0.0.0/24) to 192.168.1.1? Will the ASA first apply the NAT or will it just follow his routing table? I have no idea how i should interpret this since the AnyConnect network isn't a "interface" on the ASA.

 

 

Labels:
0 Helpful
1 Reply 1

Mohammed al Baqari
Level 11
Level 11

‎11-08-2017 02:39 AM

NAT is done befor routing. Depending on your ASA version you either need
nat exempt (prior version 8.3) or twice nat (after 8.3) to exclude
vpn-to-vpn nat
0 Helpful
Customers Also Viewed These Support Documents