How to enable "hairpinning" on ASA5510

Unanswered Question
May 19th, 2008

dear sir

I have Remote IPSec VPN configured on ASA5510, but we need to lets a VPN client send IPSec-protected traffic to another VPN user, something called "hairpinning",

anyway, I've configured following the manual:

1,same-security-traffic permit intra-interface

2,access-list vpn permit ip 172.16.99.0 255.255.255.0 172.16.99.0 255.255.255.0

3,nat (outside) 0 access-list vpn

but it does not work, attached as my configuration, who can check for me?

Thanks

tom

Attachment: 
I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (1 ratings)
Loading.
acomiskey Mon, 05/19/2008 - 05:10

Your split tunnel acl is only encrypting traffic to 192.168.1.0. I think you should add 172.16.99.0.

access-list Mukdahan_splitTunnelAcl standard permit 172.16.99.0 255.255.255.0

Actions

This Discussion