If I am configuring an ASA to pass IPSEC vpn traffic, and I don't want to NAT anything traversing from the inside out, nor am I NATng anything coming in, should I be using NAT exemption vs Identity NAT?
nat (inside) 0 0.0.0.0 0.0.0.0
access-list no-nat permit ip any any
nat (inside) 0 access-list no-nat
The ASA is used exclusively as a vpn endpoint. I am using sysopt connection permit-ipsec so I have no outside ACL. Which NAT method is the best solution?