ASA Hairpinning

Unanswered Question
Nov 26th, 2007
User Badges:

Does anyone know how I can setup a client vpn group to be able to terminate at an ASA and still have Internet and the ability to traverse other VPN connected sites (Hardware VPN)?


  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)


to allow traffic to enter and exit the same interface, use the same-security-traffic command in global configuration mode.

same-security-traffic permit intra-interface.

As long as you configure the ASA and the other VPN site routers to permit traffic for the client VPN address range this will work.



This Discussion