No NAT Rule for VTI Interface

Hi,

I've configured an IPsec tunnel over VTI with OSPF routing and I'm wondering what is the recommended way of creating a No-NAT rule?

I would expect to leave all the fields with default values and just set the outbound interface as the VTI (XFRM) but the VTI doesn't show up in the 'outbound interface' list. The alternative is to manually add all networks which are accessed over the VPN into 'original destination' but this isn't scalable.

Thanks for any input.



  • If it is LAN (or any specific zone) to VPN traffic, then you can create a linked NAT rule for the given firewall rule with Translated Source set to "Original", so any traffic matching the given firewall rule will leave the firewall without NAT.