05-25-2013 05:09 AM
Hi,
Is it possible to make exceptions/exclusions for a NAT rule? Think of this scenario:
Problem:
Due to the "global NAT" rule mentioned above, incoming VPN/GP traffic would also be NATed to the internal Host.
Tried:
I tried to put a NAT rule above the aforementioned global NAT rule with the same match criteria, adding service-https and disabling all destination translation options. I thought this would disable NAT for HTTPS. But it didn't work.
Ideas?
Thanks!
05-25-2013 05:23 AM
If your 443 port is used by another internal service, try to use a different port for GlobalProtect and make an internal portal.
05-25-2013 05:41 AM
That's a good idea, thanks. But I need to exclude other services, it's not just GP. For example, I need to terminate IPSec VPNs on the external interface. Or could I use the same approach you described for that (e.g. terminate VPN on a loopback and NAT ipsec/ike to the loopback address)?
05-25-2013 06:02 AM
side to side vpn you mean?
05-25-2013 06:29 AM
yes.
well actually.... basically I want to know if I can make exclusions to a NAT rule. If not, I think the loopback interface might be the solution for everything
05-25-2013 06:34 AM
I think you can use loopback for these exceptions.
I just tried for GP before but not for any other service.
Logic is the same so it should work.