I just bought a ASA 5505 for my house. I want to set it up to allow VPN users that terminate remote-access VPN?s to the Outside interface the ability to surf the internet through the tunnel. This will obviously require the ASA to do a hairpin turn on the Outside interface, can this be done? Any ideas how to set that up?
Thanks in advance!
1. You can access destinations inside though? Is that your whole config? I do not see nat exemption for the vpn.
2. You should not have a 10.10.11.0 network inside, as this is your vpn client subnet. You can remove these (unless you have a 10.10.11.0 network inside, then you should make a new vpn client subnet)
nat (Inside) 10.10.11.0 255.255.255.0
http 10.10.11.0 255.255.255.0 Inside
3. Interface names are case sensitive so try this instead and also add "outside" keyword after nat statement
global (Outside) 1 interface
nat (Outside) 1 10.10.11.0 255.255.255.0 outside
That should work, keep us updated.