SRX

Expand all | Collapse all

SRX IPSec VPN and NAT questions

Jump to Best Answer
  • 1.  SRX IPSec VPN and NAT questions

    Posted 05-29-2020 21:08

    I am working on a IPSec VPN between SRX220 and Cisco ASA. The SRX has a default nat configured, I used policy-based VPN. My question is nat first or encryption first ?

    From ASA Log I saw the following:

    SRX-VPN.JPG

    Seems to me NAT before encryption.  Am I right ?

     

    thanks a lot !!



  • 2.  RE: SRX IPSec VPN and NAT questions
    Best Answer

    Posted 05-30-2020 00:05

    Yes, NAT happens before encryption. You may config "source-nat off" for the traffic from 10.0.0.10/32 to 172.21.244.25. Please refer this KB for details: https://kb.juniper.net/InfoCenter/index?page=content&id=KB24404&actp=METADATA 

     

     



  • 3.  RE: SRX IPSec VPN and NAT questions

    Posted 05-31-2020 10:45

    thanks a lot !!!