Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Hairpinning for Webvpn

Hi!  Its my first time to post here not sure how it works.

Im having problems configuring Hairpinning thru WebVPN but it works with IPSEC.  For testing I tried to used same address-pool and split tunnel policy and already enabled same-security and nat bypass for internal traffic.  Everything works fine IPSEC except for WebVPN and for the WebVPN users they can access resources behind the firewall but not thru haripinning (outside interface).

Thanks

1 REPLY
Bronze

Hairpinning for Webvpn

Jason

Its been a while sicen I have done this, but here is a config that I used a while back for this (asa 8.0.2). The rest of the config as per standard

interface Ethernet0/0

nameif outside

security-level 0

ip address 20.1.1.1 255.255.255.0

!

same-security-traffic permit intra-interface

ip local pool vpn_user_pool 20.1.1.200-20.1.1.220 mask 255.255.255.0

webvpn

enable outside

svc image disk0:/sslclient-win-1.1.4.176.pkg 1

svc enable

group-policy msw-grp internal

group-policy msw-grp attributes

vpn-tunnel-protocol svc

webvpn

  svc ask none default svc

username mwinnett password vukFd0JFOKL2l7IE encrypted privilege 15

tunnel-group DefaultWEBVPNGroup general-attributes

address-pool vpn_users

address-pool vpn_user_pool

default-group-policy msw-grp

prompt hostname context

ciscoasa(config)# sh vpn-sessiondb svc

Session Type: SVC

Username     : mwinnett               Index        : 6

Assigned IP  : 20.1.1.200             Public IP    : 10.48.67.22

Protocol     : Clientless SSL-Tunnel

Encryption   : RC4                    Hashing      : SHA1

Bytes Tx     : 45779                  Bytes Rx     : 19750

Group Policy : msw-grp                Tunnel Group : DefaultWEBVPNGroup

Login Time   : 17:14:35 UTC Thu Sep 13 2007

Duration     : 0h:01m:02s

NAC Result   : Unknown

VLAN Mapping : N/A                    VLAN         : none

282
Views
0
Helpful
1
Replies
CreatePlease login to create content