Hello. I am trying to implement the following scenario on an ASA5520 firewall. The firewall serves two purposes: it is used as a firewall and DHCP server for internal clients, as well as a VPN concentrator to access the internal network via the AnyConnect VPN client. I would like to make it transparent for external and internal clients who are connected to one of the inside interfaces to access the Internet, so they can use one public IP address to VPN in. Something like in the picture above. So far I can do VPN from outside and inside, but I cannot use the outside public IP address when trying to VPN in from inside. Is there any mechanism to do a U-turn on the outside interface so the traffic can come back to the same interface? I use a global pool of public IP addresses. All internal clients on the "Internet" VLAN reside on a subnet PATed using one public IP address, and another public IP address is used for WEBVPN.