Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

query on nat exemption and anyconnect vpn client

Hi all,

I have a scenario where a asa 5520 is a vpn box which allows remote access vpn users to access my inside network The remote vpn users are given the vpn ip within subnet. However no nat exemption for inside network to vpn subnet is configured on the asa and vpn clients are able to access resources within the inside network. Hence can i confirm that nat exemption is not required for inside network to vpn subnet because the vpn subnet falls within the subnet?

Secondly i find that some anyconnect vpn clients have username that is fixed and cannot be changed when they try to connect to some locations. These pc has certificates installed to the cert store within the windows pc. But why is it such that the username cannot be changed on the anyconnect vpn client when connecting to specific locations.

Pls advise, thks in advance.


query on nat exemption and anyconnect vpn client

Would have to see your config to tell you why it's working without nat exemption, but it is recommended that the vpn client pool not be part of your internal network addressing.

CreatePlease login to create content