
query on nat exemption and anyconnect vpn client

donnie
Level 1

Hi all,

I have a scenario where an ASA 5520 is a VPN box which allows remote access VPN users to access my inside network 192.168.1.0/24. The remote VPN users are given a VPN IP within the 192.168.1.128/25 subnet. However, no NAT exemption for inside network 192.168.1.0/24 to VPN subnet 192.168.1.128/25 is configured on the ASA, and VPN clients are able to access resources within the inside network. Hence, can I confirm that NAT exemption is not required for inside network to VPN subnet because the VPN subnet 192.168.1.128/25 falls within the 192.168.1.0/24 subnet?

Secondly, I find that some AnyConnect VPN clients have a username that is fixed and cannot be changed when they try to connect to some locations. These PCs have certificates installed in the cert store within the Windows PC. But why is it that the username cannot be changed on the AnyConnect VPN client when connecting to specific locations?

Please advise, thanks in advance.

1 Reply

acomiskey
Level 10

Would have to see your config to tell you why it's working without nat exemption, but it is recommended that the vpn client pool not be part of your internal network addressing.
