Hairpin with NAT (PAT)

Unanswered Question
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
acomiskey Thu, 09/10/2009 - 10:15

= users on other l2l tunnel needing access to web host

same-security-traffic permit intra-interface

global (outside) 1 interface

nat (outside) 1

Make sure the web host they are accessing is part of the crytpo acl for the l2l tunnel on the local end.

access-list crypto extended permit ip host

and a mirror image on the far end.

access-list crpyto extended permit ip host

and also nat 0 for the far end...

access-list nat0 extended permit ip host

nat (inside) 0 access-list nat0


This Discussion