Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
854
Views
0
Helpful
1
Replies

NAT exemption-VPN

sharath413
Level 1
Level 1

‎04-21-2017 04:43 PM

Hi all,

I am studying for CCNA security and came across VPNs and unable to find answers to these question on internet.

1.Why don't we need NAT exemption on ASA in case of Clientless SSL VPN?

2.If exempted from NAT(Cisco anyconnect ssl  vpn),how is the traffic from internal network(private IP )routed on public Internet?

Thanks.

Labels:
0 Helpful
1 Reply 1

Karsten Iwen
VIP
VIP

‎04-21-2017 11:39 PM

  1. In clientless VPN, the ASA acts as a proxy and no traffic flows *through* the ASA that could be NATed or be exempted from NAT.
  2. By correctly configuring the NAT exemption. There are (minimum) two rules: 
    • The exemption rule in section one that only acts when the internal IPs communicate with the Client IPs.
    • The general rule (often in section three, but also possible in section two) that translates the rest.
0 Helpful
Customers Also Viewed These Support Documents