EX SSL-VPN: Tunnel based SNAT (Translated Pool) Address and its limitations
03/26/2020
DESCRIPTION:
What are the limitations when using Translated Address pool for CT/ODT Users?
The NAT pool assumes 18.104.22.168/8 is available (marked "Unassigned" by IETF) and translates the client's source address to an address from the 22.214.171.124 - 126.96.36.199 range.
A maximum of 15 SNAT IP addresses can be used on the appliance without impacting backend server traffic (packet drops, disconnects). A static pool IP is the recommended way to address multiple group-based address requirements.
When configuring translated (Source NAT) IP address pools, be sure to specify an unused address on the subnet of the internal interface.
All network activity must be initiated by the client; therefore, this method of IP address allocation does not support applications that make reverse connections or cross-connections (such as SMS, VoIP, or FTP).
Windows domain browsing is not supported; if users try to browse a Windows domain through Network Explorer or Network Neighborhood, an error message indicates that they are not authorized to access the resources.
Client-to-client cross-connections are not supported.
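A pre-deployment check for the two configuration constraints above (at most 15 SNAT addresses, each an unused address on the internal interface's subnet). This is an added example, not SonicWall code; the function name, the inventory of in-use addresses and all sample addresses are assumptions constructed for illustration.

```python
import ipaddress

MAX_SNAT_ADDRESSES = 15  # limit stated in this article


def check_snat_pool(pool, internal_interface, in_use):
    """Return a list of problems found in a proposed translated (SNAT) pool.

    pool               -- proposed SNAT address strings
    internal_interface -- appliance internal interface, e.g. "10.20.0.1/24"
    in_use             -- addresses already assigned on that subnet
                          (assumed to come from your IPAM or DHCP records)
    """
    iface = ipaddress.ip_interface(internal_interface)
    net = iface.network
    # The interface's own address counts as used.
    used = {ipaddress.ip_address(a) for a in in_use} | {iface.ip}
    problems, seen = [], set()
    for raw in pool:
        addr = ipaddress.ip_address(raw)
        if addr in seen:
            problems.append(f"{addr}: listed more than once")
            continue
        seen.add(addr)
        if addr not in net:
            problems.append(f"{addr}: not on internal subnet {net}")
        elif addr in (net.network_address, net.broadcast_address):
            problems.append(f"{addr}: network or broadcast address")
        elif addr in used:
            problems.append(f"{addr}: already in use on the subnet")
    if len(seen) > MAX_SNAT_ADDRESSES:
        problems.append(
            f"{len(seen)} addresses exceeds the limit of {MAX_SNAT_ADDRESSES}")
    return problems


if __name__ == "__main__":
    # Constructed sample data, not taken from any real deployment.
    proposed = ["10.20.0.200", "10.20.0.1", "10.20.1.5", "10.20.0.10"]
    for line in check_snat_pool(proposed, "10.20.0.1/24", ["10.20.0.10"]):
        print(line)
```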