ASA 5510 Hairpin (I think) for VPN traffic

Unanswered Question
May 21st, 2009

I've got a slight problem with a site-to-site VPN setup between Site A and Site B and the ability to authenticate against an RSA SecurID appliance located at Site A if the user VPNs in to Site B.

Basically, the setup is as follows:

Site A:

Cisco ASA 5510

RSA SecurID appliance

VPN access set on the firewall to authenticate against site A RSA device.

Single Class C Subnet supernetted on /23 - the inside interface on the firewall is on this subnet

Site B:

Cisco ASA 5510

VPN access set on the firewall to authenticate against Site A RSA device.

Single Class C Subnet supernetted on /23 - the inside interface on the firewall is on this subnet

Site A works beautifully, authenticates and allows access.

Site B hangs on 'contacting the security gateway'. When I try to ping Site A subnet from firewall B, I get no response, which I think is the problem.

I have set the 'same-security-traffic permit intra-interface' setting.

Any help would be much appreciated.

mvsheik123 Thu, 05/21/2009 - 06:07

Hi,

When you ping Site A subnet from firewall B, did you use the command

ping inside (LAN side of ASA) siteA ip..?

or just ping .

If there is a working L2L tunnel between the two sites, ping (interface) ip should work.

TIA

MS
