ASA 5510 Hairpin (I think) for VPN traffic

I've got a slight problem with a site-to-site VPN setup between site A and site B and the ability to authenticate against an RSA SecurID appliance located at Site A if the user VPNs in to Site B.

Basically, the setup is as follows:

Site A:

Cisco ASA 5510

RSA SecurID appliance

VPN access set on the firewall to authenticate against site A RSA device.

Single Class C Subnet supernetted on /23 - the inside interface on the firewall is on this subnet

Site B:

Cisco ASA 5510

VPN access set on the firewall to authenticate against Site A RSA device.

Single Class C Subnet supernetted on /23 - the inside interface on the firewall is on this subnet

Site A works beautifully, authenticates and allows access.

Site B hangs on 'contacting the security gateway'. When I try to ping Site A subnet from firewall B, I get no response, which I think is the problem.

I have set the 'same-security-traffic permit intra-interface' setting.

Any help would be much appreciated.

1 REPLY

Re: ASA 5510 Hairpin (I think) for VPN traffic

Hi,

When you ping Site A subnet from firewall B, did you use the command

ping inside (LAN side of ASA) siteA ip..?

or just ping .

If there is a working L2L tunnel between the 2 sites, ping (interface) ip should work.

TIA

MS
