Trying to set up VPN Client with Hairpinning on ASA5510

Answered Question
Oct 1st, 2008
User Badges:

Hi,


I am trying to set up our ASA5510 so users can connect to our work LAN and browse the Internet as well.


I've followed the Cisco guide, I connect and I'm given a 192.168.10.x address as needed but I can not connect to anything on our 10.0.0.0/24 work network nor surf the Internet.


Could someone please check my config and see what is wrong, there is also a L2L vpn on here to a 192.168.3.0 network but that works without issues


Many Thanks,

Chris

Correct Answer by singhsaju about 8 years 7 months ago

Hello Chris,


Add following access-list statement.


access-list INSIDE_nat0_outbound extended permit ip 10.0.0.0 255.255.255.0 192.168.10.0 255.255.255.0


And for hairpinning the internet traffic add following command:


same-security-traffic permit intra-interface




Check and post results.

HTH

Saju

pls rate helpful posts

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (2 ratings)
Loading.
Correct Answer
singhsaju Wed, 10/01/2008 - 09:47
User Badges:
  • Silver, 250 points or more

Hello Chris,


Add following access-list statement.


access-list INSIDE_nat0_outbound extended permit ip 10.0.0.0 255.255.255.0 192.168.10.0 255.255.255.0


And for hairpinning the internet traffic add following command:


same-security-traffic permit intra-interface




Check and post results.

HTH

Saju

pls rate helpful posts

shaw.chris Wed, 10/01/2008 - 09:59
User Badges:

Thanks for your help, I already had "same-security-traffic permit intra-interface" but adding the access-list did the trick!


Thanks again

Chris

Actions

This Discussion