ReRouting IPSec traffic on the hub ASA

Unanswered Question
Jul 7th, 2010


I have a hub location "A" and two braches "B" and "C", both connected to "A" using IPSec tunnels on ASA 5505 v8.0.

The question is: Can I reroute traffic coming from "B" to "C"?

"B"  --IPSec-->  "A"  --IPSec-->  "C"



I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Federico Coto F... Wed, 07/07/2010 - 19:39

Hi Guido,

Yes, the ASA allows hairpinning the traffic back out the same interface in which it receives it.

Assuming that both tunnels end on the outside interface, then normally you need:

same-security-traffic permit intra-interface

Also, the correct routing and NAT rules for the traffic.

Let us know if you need further help.



This Discussion