How to enable "hairpinning" on ASA5510

Unanswered Question
May 19th, 2008
User Badges:

dear sir


I have Remote IPSec VPN configured on ASA5510, but we need to lets a VPN client send IPSec-protected traffic to another VPN user, something called "hairpinning",

anyway, I've configured following the manual:

1,same-security-traffic permit intra-interface

2,access-list vpn permit ip 172.16.99.0 255.255.255.0 172.16.99.0 255.255.255.0

3,nat (outside) 0 access-list vpn

but it does not work, attached as my configuration, who can check for me?


Thanks


tom





Attachment: 
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (1 ratings)
Loading.
acomiskey Mon, 05/19/2008 - 05:10
User Badges:
  • Green, 3000 points or more

Your split tunnel acl is only encrypting traffic to 192.168.1.0. I think you should add 172.16.99.0.


access-list Mukdahan_splitTunnelAcl standard permit 172.16.99.0 255.255.255.0

acomiskey Mon, 05/19/2008 - 05:23
User Badges:
  • Green, 3000 points or more

Good to hear, thanks for the rate.

Actions

This Discussion