Hairpin VPN on OUTSIDE interface
What I currently have is SSL Anyconnect VPN connections to the ASA which is working fine.
I want to tunnel all networks back through the ASA.
Any web connections will go to the ASA and hairpin back out the OUTSIDE interface to get web access.
I have a static route on the ASA for creating the VPN
route OUTSIDE 0.0.0.0 0.0.0.0 <PUBLIC_IP>
NAT exemption is in place for creating the VPN
nat (INSIDE,OUTSIDE) source static any any destination static VPN_POOL_OG VPN_POOL_OG
What I need is the configuration to create the VPN hairpin for internet traffic.
Any help is greatly appreciated.
You need the following:
same-security-traffic permit intra-interface
VPN pool = 192.168.3.0/24
object network obj-vpnpool
 subnet 192.168.3.0 255.255.255.0
 nat (outside,outside) dynamic interface
Please let me know
Rate any post you find helpful.
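An added example, not part of the thread and not Cisco tooling: a small Python check that a saved running-config contains both pieces from the answer above (intra-interface permit and a dynamic interface NAT on the default-route interface) for a given VPN pool. The sample config, its 203.0.113.1 gateway, and the function names are constructed for illustration.

```python
import ipaddress
import re

# Constructed sample running-config fragment (203.0.113.1 is a documentation address).
SAMPLE_CONFIG = """\
same-security-traffic permit intra-interface
object network obj-vpnpool
 subnet 192.168.3.0 255.255.255.0
route OUTSIDE 0.0.0.0 0.0.0.0 203.0.113.1
object network obj-vpnpool
 nat (outside,outside) dynamic interface
"""

def parse_objects(config):
    """Merge every 'object network' stanza by name; a running-config lists an
    object's subnet and its object NAT rule in two separate stanzas."""
    objects, current = {}, None
    for line in config.splitlines():
        m = re.match(r"object network (\S+)", line)
        if m:
            current = objects.setdefault(m.group(1), {})
        elif current is not None and line.startswith(" ") and line.split():
            words = line.split()
            if words[0] == "subnet" and len(words) == 3:
                current["subnet"] = ipaddress.ip_network(f"{words[1]}/{words[2]}")
            elif words[0] == "nat":
                current["nat"] = line.strip().lower()
        else:
            current = None
    return objects

def audit_hairpin(config, pool):
    """Return the list of missing prerequisites for hairpinning `pool` to the internet."""
    pool_net = ipaddress.ip_network(pool)
    findings = []
    if not re.search(r"^same-security-traffic permit intra-interface\s*$", config, re.M):
        findings.append("same-security-traffic permit intra-interface is missing")
    route = re.search(r"^route (\S+) 0\.0\.0\.0 0\.0\.0\.0 ", config, re.M)
    if not route:
        return findings + ["no default route found"]
    egress = route.group(1).lower()  # compared case-insensitively (OUTSIDE vs outside)
    wanted = f"nat ({egress},{egress}) dynamic interface"
    for obj in parse_objects(config).values():
        subnet = obj.get("subnet")
        if subnet and pool_net.subnet_of(subnet) and obj.get("nat", "").startswith(wanted):
            return findings
    findings.append(f"no object covering {pool} has '{wanted}'")
    return findings
```

An empty list from `audit_hairpin(config_text, "192.168.3.0/24")` means both settings are present; each string in a non-empty list names one missing piece.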