ASA Hairpinning

Unanswered Question
Dec 1st, 2007
User Badges:

I would like to configure ASA 5510 to allow VPN clients access to the network behind the firewall, IPsec vpn tunnels, and internet access.

Is that hairpinning? How do I configure to allow internet access?

It is already setup to allow access to the network, just not the internet.


  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (1 ratings)
JORGE RODRIGUEZ Sat, 12/01/2007 - 20:41
User Badges:
  • Green, 3000 points or more

Eric, from what I have read hairpining would be if you were using what is refer as public internet on a stick to allow vpn clients to asa outside internet without using split tunneling in asa. You could either use with split tunneling or outside nat enabling hairpining with same-security-traffic permit intra-interface

Configuring split tunneling

Or public internet on a stick.

same-security-traffic permit intra-interface allows the traffic to exit out on the interface it was received on

global (outside) 1 interface

nat (outside) 1

rate any helpful post if it helps



braulio.santos Sun, 09/14/2008 - 22:46
User Badges:

Your configuration issue is split tunnel, than say Jorge.

Hairpining is other concept.


This Discussion