Hairpin Config on ASA with 8.3.x

Unanswered Question
Sep 27th, 2010

Greetings All...

I have just upgraded to to 8.3, and I decided to start on a clean config, So I did not migrate any of the configurations over.

I am configuring a hairpin on the outside for VPN users.

The VPN subnet is A.B.250.0/24

The Server Subnet is A.B.100.0/24

Assuming all the tunnel group, group policy and other VPN config is correct, is the following hairpin configuration correct?

same-security-traffic permit intra-interface

object network SERVER_LAN

subnet A.B.100.0

object network VPN_POOL

subnet A.B.250.0

nat (outside,inside) source static VPN_POOL VPN_POOL

object network SERVER_LAN

nat (inside,outside) dynamic interface

object network VPN_POOL

nat (outside,outside) dynamic interface

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Jitendriya Athavale Mon, 09/27/2010 - 06:35

that looks ok do you face any problem with that

also you can check the config yourself and see where you have gone wrong by using packet tracer, i would suggets you have implemented this try using packet tracer and see if the translation happens fine


This Discussion