Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
442
Views
5
Helpful
3
Replies

How to enable "hairpinning" on ASA5510

csco111107378
Level 1
Level 1

‎05-19-2008 03:57 AM - edited ‎03-09-2019 08:43 PM

dear sir

I have Remote IPSec VPN configured on ASA5510, but we need to lets a VPN client send IPSec-protected traffic to another VPN user, something called "hairpinning",

anyway, I've configured following the manual:

1,same-security-traffic permit intra-interface

2,access-list vpn permit ip 172.16.99.0 255.255.255.0 172.16.99.0 255.255.255.0

3,nat (outside) 0 access-list vpn

but it does not work, attached as my configuration, who can check for me?

Thanks

tom

Labels:
Preview file
7 KB
0 Helpful
3 Replies 3

acomiskey
Level 10
Level 10

‎05-19-2008 05:10 AM

Your split tunnel acl is only encrypting traffic to 192.168.1.0. I think you should add 172.16.99.0.

access-list Mukdahan_splitTunnelAcl standard permit 172.16.99.0 255.255.255.0

csco111107378
Level 1
Level 1
In response to acomiskey

‎05-19-2008 05:18 AM

great, it's work.

thank you very much

0 Helpful

acomiskey
Level 10
Level 10
In response to csco111107378

‎05-19-2008 05:23 AM

Good to hear, thanks for the rate.

0 Helpful
Customers Also Viewed These Support Documents