Message Image

Skip main navigation (Press Enter).

SRX

View Only

last person joined: yesterday

Ask questions and share experiences about the SRX Series, vSRX, and cSRX.

Back to discussions

Expand all | Collapse all

SRX IPSec VPN and NAT questions

Jump to Best Answer

gongyayu05-29-2020 21:08

I am working on a IPSec VPN between SRX220 and Cisco ASA. The SRX has a default nat configured, I used ...

Nellikka05-30-2020 00:05Best Answer

Yes, NAT happens before encryption. You may config "source-nat off" for the traffic from 10.0.0.10/32 ...

gongyayu05-31-2020 10:45

thanks a lot !!!

1. SRX IPSec VPN and NAT questions

0 Recommend
gongyayu
Posted 05-29-2020 21:08

Reply Reply Privately
I am working on a IPSec VPN between SRX220 and Cisco ASA. The SRX has a default nat configured, I used policy-based VPN. My question is nat first or encryption first ?

From ASA Log I saw the following:

Seems to me NAT before encryption. Am I right ?

thanks a lot !!
2. RE: SRX IPSec VPN and NAT questions
Best Answer

0 Recommend
Nellikka
Posted 05-30-2020 00:05

Reply Reply Privately
Yes, NAT happens before encryption. You may config "source-nat off" for the traffic from 10.0.0.10/32 to 172.21.244.25. Please refer this KB for details: https://kb.juniper.net/InfoCenter/index?page=content&id=KB24404&actp=METADATA
3. RE: SRX IPSec VPN and NAT questions

0 Recommend
gongyayu
Posted 05-31-2020 10:45

Reply Reply Privately
thanks a lot !!!

Powered by Higher Logic