Secure Access NAT as a Service

The Cisco Secure Access secure web gateway traffic egresses through the Secure Access NAT as a Service (NATaaS). NATaaS provides secure, efficient connections to internet destinations. NATaaS manages the internet-bound traffic on a shared pool of IP addresses or a single IP reserved for your Secure Access organization. You can choose to reserve an IP address on Secure Access. For more information, see Reserved IP.



Web Traffic and NAT as a Service

  • All public IP web traffic through the Secure Access secure web gateway (SWG) egresses from the NATaaS at 151.186.176.0/20.
  • An IP address available from the NATaaS enables you to register your traffic for allow lists maintained by internet sites and services.
  • An IP address available from the NATaaS affects only the source IP for your internet-bound traffic. It does not affect the IP address that you use to establish the IPsec tunnel between your network and Secure Access.

Note: Depending on your organization, you may have to provide these additional IP address ranges to the internet service providers that you connect to from the NATaaS. Some internet service providers require prior knowledge of the IP address ranges used before allowing connections to their service.

Non-Web Traffic and NAT as a Service

  • All public IP non-web traffic egresses from the NATaaS at 151.186.192.0/20.

Best Practices

  • You cannot combine the NATaaS IP address range (151.186.176.0/20) with the Secure Access IP address range (151.186.192.0/20) into a larger /19 range. The first range sits at the end of one /19 block and the second range sits at the beginning of the next /19 block, so they must be listed as two separate /20 ranges.
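
The aggregation point above, as an added example (not Cisco's code): Python's standard `ipaddress` module shows that the two /20 ranges stay separate when collapsed, and that the smallest single block covering both would admit far more addresses than the ranges contain. The function names and the sample source addresses are constructed for illustration.

```python
import ipaddress

# Egress ranges as stated on this page.
WEB_EGRESS = ipaddress.ip_network("151.186.176.0/20")      # SWG web traffic
NON_WEB_EGRESS = ipaddress.ip_network("151.186.192.0/20")  # non-web traffic


def aggregate(networks):
    """Collapse networks into the fewest exact CIDR blocks (no extra addresses)."""
    return list(ipaddress.collapse_addresses(networks))


def smallest_covering_prefix(a, b):
    """Return the smallest single CIDR block that contains both a and b."""
    candidate = a
    while not b.subnet_of(candidate):
        candidate = candidate.supernet()
    return candidate


def over_permitted(covering, networks):
    """Count addresses a covering block would allow beyond the real ranges."""
    return covering.num_addresses - sum(n.num_addresses for n in networks)


def classify_source(ip):
    """Label a source IP seen in a log as web egress, non-web egress, or other."""
    addr = ipaddress.ip_address(ip)
    if addr in WEB_EGRESS:
        return "web"
    if addr in NON_WEB_EGRESS:
        return "non-web"
    return "other"


if __name__ == "__main__":
    ranges = [WEB_EGRESS, NON_WEB_EGRESS]
    print("exact aggregate:", aggregate(ranges))
    cover = smallest_covering_prefix(*ranges)
    print("smallest covering block:", cover,
          "extra addresses:", over_permitted(cover, ranges))
    # Constructed sample source addresses, not taken from real logs.
    for ip in ("151.186.180.10", "151.186.200.7", "151.186.170.1"):
        print(ip, classify_source(ip))
```

The third sample address falls outside both ranges but inside the covering block, which is why an allow list should carry the two /20 entries and not a wider prefix.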
