In a production environment, your gateway is configured to apply a Hide NAT for all internal
traffic destined to the Internet. However, you are setting up a VPN tunnel with a remote
gateway, and you are concerned about the encryption domain that you need to define on
the remote gateway. Does the remote gateway need to include your production gateway’s
external IP in its encryption domain?
A.
Yes – The gateway will apply the Hide NAT for this VPN traffic.
B.
Yes – all packets destined to go through the VPN tunnel will have the payload
encapsulated in an ESP packet and after decryption at the remote site, the packet will
contain the source IP of the Gateway because of Hide NAT.
C.
No – all packets destined to go through the VPN tunnel will have the payload
encapsulated in an ESP packet and after decryption at the remote site, will have the same
internal source and destination IP addresses.
D.
No – all packets destined through a VPN will leave with original source and destination
packets without translation.
Explanation: