I am working on a IPSec VPN between SRX220 and Cisco ASA. The SRX has a default nat configured, I used policy-based VPN. My question is nat first or encryption first ?
From ASA Log I saw the following:
Seems to me NAT before encryption. Am I right ?
thanks a lot !!
Yes, NAT happens before encryption. You may config "source-nat off" for the traffic from 10.0.0.10/32 to 172.21.244.25. Please refer this KB for details: https://kb.juniper.net/InfoCenter/index?page=content&id=KB24404&actp=METADATA
thanks a lot !!!