
Query on NAT exemption and AnyConnect VPN client

Hi all,

I have a scenario where an ASA 5520 is a VPN box which allows remote access VPN users to access my inside network 192.168.1.0/24. The remote VPN users are given a VPN IP within the 192.168.1.128/25 subnet. However, no NAT exemption for inside network 192.168.1.0/24 to VPN subnet 192.168.1.128/25 is configured on the ASA, and VPN clients are able to access resources within the inside network. Hence, can I confirm that NAT exemption is not required for inside network to VPN subnet because the VPN subnet 192.168.1.128/25 falls within the 192.168.1.0/24 subnet?

Secondly, I find that some AnyConnect VPN clients have a username that is fixed and cannot be changed when they try to connect to some locations. These PCs have certificates installed in the cert store within the Windows PC. But why is it that the username cannot be changed on the AnyConnect VPN client when connecting to specific locations?

Please advise, thanks in advance.

1 REPLY

Would have to see your config to tell you why it's working without NAT exemption, but it is recommended that the VPN client pool not be part of your internal network addressing.
