I currently have an ASA providing VPN access into our network. We want to enable client to client communication that looks like it will require that we set up hairpinning via the "same-security-traffic permit intra-interface" command. My boss would like to know what the cons would be of putting this command on the VPN concentrator and allowing the hairpinning. I have done a lot of searching and haven't found any cons but since the default behavior of firewalls is not to allow traffic to go back out the interface that it originally came in on it seems like there should be a reason why it wasn't allowed.
Does anyone have any ideas on what the cons would be of allowing hairpinning?
Thanks in advance!