cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
599
Views
0
Helpful
1
Replies

NAT on IPSec VPN

Kane Smith
Level 1
Level 1

Hi guys,

For site to site VPNs between two ASAs, in which scenario(s) we would not do NAT exemption? I have seen various VPN configs in production networks, some with NAT exempt and others without.

Thanks. 

1 Reply 1

Hi,
You would probably need a NAT exemption rule if you had an existing NAT rule that would NAT outbound traffic, e.g for internet access. In this instance the source traffic would usually be natted behind the outside interface and so would the VPN traffic unless you had a NAT exemption rule.

If you do not have any existing NAT rules then no you would not need a NAT exemption rule.

HTH
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: