Forum Discussion
kfilzen_50690
Nimbostratus
May 11, 2009
Network Access without NAPT
First, everything works with NAPT enabled or when the 1.2 interface is disabled.
We are using the 1.1 interface for internal access out to the internet through the 1.2 interface. ...
mal_57091
Nimbostratus
May 12, 2009
Hi,
Sorry, not sure I'm following what your actual issue is here. However, NAPT is effectively the same as source NAT (roughly). So, when a client establishes a FirePass Network Access SSL VPN, FirePass will start a PPP interface on the client machine. That PPP interface is allocated an IP address (typically using a FirePass pool - default is 192.168.192.0/24). With NAPT enabled, when the client starts sending data through the Network Access SSL VPN, the FirePass will source NAT the packets and replace the client PPP address with the actual FirePass internal IP address. This means that your internal LAN does not need to know about the client-side PPP interface IPs.
If you disable NAPT then you need to ensure that your internal LAN has a route back to the original client PPP IP address via the FirePass Controller.
Cheers,
Mal
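The return-path requirement described in the reply above, as an added example that is not part of the original thread: a longest-prefix-match check of whether an internal host's reply gets back to the FirePass with and without NAPT. The 10.0.0.x addresses and the route tables are constructed assumptions; only the 192.168.192.0/24 pool comes from the post.

```python
import ipaddress

# Constructed values (assumptions): FirePass internal IP and LAN default gateway.
FIREPASS_INTERNAL = ipaddress.ip_address("10.0.0.5")
# Constructed internal-host route table: (prefix, next hop); None means on-link.
LAN_ROUTES = [("0.0.0.0/0", "10.0.0.1"), ("10.0.0.0/24", None)]
# Same table plus a route for the default FirePass pool via the FirePass.
LAN_ROUTES_FIXED = LAN_ROUTES + [("192.168.192.0/24", "10.0.0.5")]


def lookup(routes, dst):
    """Longest-prefix match. Returns (network, next_hop) or None if no route."""
    best = None
    for prefix, hop in routes:
        net = ipaddress.ip_network(prefix)
        if dst in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, ipaddress.ip_address(hop) if hop else None)
    return best


def reply_reaches_firepass(routes, client_ppp_ip, napt_enabled):
    """True if an internal host's reply is delivered to the FirePass.

    With NAPT the host sees the FirePass internal IP as the source;
    without it, the host sees the client's PPP address and must route to it.
    """
    seen_src = FIREPASS_INTERNAL if napt_enabled else ipaddress.ip_address(client_ppp_ip)
    match = lookup(routes, seen_src)
    if match is None:
        return False  # no route at all: the reply is dropped
    _, hop = match
    if hop is None:
        # On-link delivery only lands on the FirePass if it owns the address.
        return seen_src == FIREPASS_INTERNAL
    return hop == FIREPASS_INTERNAL


if __name__ == "__main__":
    client = "192.168.192.10"  # constructed address inside the default pool
    for name, table in (("original", LAN_ROUTES), ("with pool route", LAN_ROUTES_FIXED)):
        for napt in (True, False):
            ok = reply_reaches_firepass(table, client, napt)
            print(f"{name:16} NAPT={napt!s:5} reply reaches FirePass: {ok}")
```

Without the pool route, the reply to the PPP address follows the default route to the gateway instead of the FirePass, which is the asymmetric path the reply warns about.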