02-24-2021 07:26 AM
Are the protected networks defined on an L2L tunnel the real IP address or the NATed outside address?
02-24-2021 07:44 AM
The real IP address is used to establish the tunnel. Interesting traffic will be protected by the IPSec tunnel.
02-24-2021 07:51 AM
What is your intention? If you want to NAT over the VPN you'd have to include the NAT address in the ACL defining the interesting traffic to be encrypted.
If you do not want to NAT over the VPN, you'd need to create a NAT exemption rule to ensure the traffic is not unintentionally NATed and also use the real IP address in the ACL defining the interesting/protected networks.
02-24-2021 08:13 AM
So I have a host that I NAT before going over the Internet. I also want to NAT if used in a VPN tunnel, so I believe you are saying that I would use the NAT address as the protected network def. Is this correct?
02-24-2021 08:17 AM - edited 02-24-2021 08:18 AM
If you want to NAT over the VPN then modify the protected network ACL to include the NAT address.
If you already have a NAT setup and you don't want to NAT over the VPN, then this is when you'd create a NAT exemption rule. In which case the protected networks ACL would include the real IP address.
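The two options from the accepted answer, side by side, as an added example that is not part of the original thread. It assumes Cisco ASA CLI syntax (8.3 or later); the interface names, object names, ACL name and all addresses are constructed placeholders.

```cisco
! Constructed sample objects (not from the thread)
object network HOST-REAL
 host 10.1.1.10
object network HOST-NAT
 host 192.0.2.10
object network REMOTE-LAN
 subnet 172.16.50.0 255.255.255.0

! ---- Option A: NAT over the VPN ----
! NAT is applied before the crypto ACL is evaluated on outbound traffic,
! so the protected-network ACL must match the translated (NAT) source.
nat (inside,outside) source static HOST-REAL HOST-NAT destination static REMOTE-LAN REMOTE-LAN
access-list L2L-CRYPTO extended permit ip object HOST-NAT object REMOTE-LAN

! ---- Option B: no NAT over the VPN (NAT exemption) ----
! Identity NAT for VPN destinations only; it must sit above the host's
! existing Internet NAT rule so tunnel traffic keeps its real source.
! The protected-network ACL then matches the real address.
nat (inside,outside) source static HOST-REAL HOST-REAL destination static REMOTE-LAN REMOTE-LAN no-proxy-arp route-lookup
access-list L2L-CRYPTO extended permit ip object HOST-REAL object REMOTE-LAN
```

Use one option, not both. The remote peer's protected-network definition has to mirror whichever source address is chosen here, or the tunnel's traffic selectors will not match.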