I have a 5505 configured as part of an SSL VPN pilot. Terminating SSL VPNs is the only thing this box is doing and by and large it's working OK, except that I can't seem to get traffic between SSL VPN clients.
The clients have IP Softphone, and the call setup is working fine as this traffic is between servers and client. But the RTP traffic is not flowing between the peers on the VPN. They are all getting RFC 1918 addressing from a DHCP server on the internal network and so are in the same subnet.
I can see that the peer-to-peer traffic will need to hairpin on the outside interface, and so I have the 'same-security-interface permit intra' command configured, but I think I must be missing something else as it's not working. Here is a clip of the relevant config...
same-security-traffic permit intra-interface
access-list nonat extended permit ip any 10.YY.208.0 255.255.240.0 (VPN CLIENT ADDRESSES)
nat (Inside) 0 access-list nonat
static (Inside,outside) 10.0.0.0 10.0.0.0 netmask 255.0.0.0
route outside 0.0.0.0 0.0.0.0 PUBLICADDRESS 1
route Inside 10.0.0.0 255.0.0.0 172.XX.20.2 1
route outside 10.YY.208.0 255.255.240.0 PUBLICADDRESS 1
VPN clients are addressed from the 10.YY.208.0/20 subnet. I have no ACL on the inside interface while troubleshooting this issue. There is no outside ACL either, and VPN traffic is configured to bypass the outside ACL and NAT processes.
I'm sure I'm missing something simple here, but can't quite see it.
Any suggestions?
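As an added check (not the poster's configuration, and not a fix), here is a small Python audit of an ASA 8.x excerpt modelled on the one above: it confirms the intra-interface command and the pool's outside route are present, and reports which interface(s) carry a NAT-exemption ACE covering pool-to-pool traffic, since the post notes the peer traffic hairpins on the outside interface. The placeholder values (10.99 for 10.YY, 198.51.100.1 for PUBLICADDRESS, 172.16.20.2 for 172.XX.20.2) are constructed, and the parsing assumes the pre-8.3 nat/static syntax shown in the post.

```python
import ipaddress
import re

# Constructed ASA 8.x excerpt modelled on the post: 10.YY -> 10.99, PUBLICADDRESS -> 198.51.100.1 (placeholders)
ASA_CONFIG = """
same-security-traffic permit intra-interface
access-list nonat extended permit ip any 10.99.208.0 255.255.240.0
nat (Inside) 0 access-list nonat
static (Inside,outside) 10.0.0.0 10.0.0.0 netmask 255.0.0.0
route outside 0.0.0.0 0.0.0.0 198.51.100.1 1
route Inside 10.0.0.0 255.0.0.0 172.16.20.2 1
route outside 10.99.208.0 255.255.240.0 198.51.100.1 1
"""
VPN_POOL = ipaddress.ip_network("10.99.208.0/20")  # SSL VPN client address pool (placeholder octet)

def _net(addr, mask):
    """Build a network from ASA 'address netmask' notation."""
    return ipaddress.ip_network(f"{addr}/{mask}", strict=False)

def _parse_addr(tokens):
    """Consume one ACE address spec ('any', 'host A' or 'A MASK'); return (network, remaining tokens)."""
    if tokens[0] == "any":
        return ipaddress.ip_network("0.0.0.0/0"), tokens[1:]
    if tokens[0] == "host":
        return ipaddress.ip_network(tokens[1] + "/32"), tokens[2:]
    return _net(tokens[0], tokens[1]), tokens[2:]

def check_hairpin(config, pool):
    """Report the client-to-client hairpin prerequisites found in an ASA config excerpt."""
    lines = [l.strip() for l in config.splitlines() if l.strip()]
    # interface -> NAT-exemption ACL name, taken from 'nat (IFACE) 0 access-list NAME'
    exempt = {m.group(1): m.group(2) for l in lines
              if (m := re.fullmatch(r"nat \((\S+)\) 0 access-list (\S+)", l))}
    # Interfaces whose exemption ACL has a permit-ip ACE covering pool -> pool (both ends of
    # hairpinned client-to-client traffic are pool addresses)
    covered = set()
    for l in lines:
        t = l.split()
        if len(t) > 5 and t[0] == "access-list" and t[2:5] == ["extended", "permit", "ip"]:
            src, rest = _parse_addr(t[5:])
            dst, _ = _parse_addr(rest)
            if pool.subnet_of(src) and pool.subnet_of(dst):
                covered |= {iface for iface, acl in exempt.items() if acl == t[1]}
    return {
        "intra_interface": "same-security-traffic permit intra-interface" in lines,
        "pool_route_outside": any(l.startswith("route outside ") and _net(*l.split()[2:4]) == pool
                                  for l in lines),
        # The post notes peer traffic hairpins on outside; this lists where the exemption is bound
        "nat_exempt_pool_to_pool_on": sorted(covered),
    }
```

Calling `check_hairpin(ASA_CONFIG, VPN_POOL)` on the excerpt above reports the intra-interface command and the pool route as present, with the pool-to-pool exemption bound only on `Inside`.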