ASA Hairpinning

Unanswered Question
Nov 26th, 2007
User Badges:

Does anyone know how I can setup a client vpn group to be able to terminate at an ASA and still have Internet and the ability to traverse other VPN connected sites (Hardware VPN)?


Thanks

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.

Hello.


to allow traffic to enter and exit the same interface, use the same-security-traffic command in global configuration mode.


same-security-traffic permit intra-interface.


As long as you configure the ASA and the other VPN site routers to permit traffic for the client VPN address range this will work.


Tim



Actions

This Discussion