Hi, we are having some problems related to hairpinning traffic through the ASA. With the PIX as I understood this was impossible, but with the ASA I understand this is possible. Below is the link I used to configure this. http://www.cisco.com/en/US/products/ps6120/products_tech_note09186a0080734db7.shtml The problem is though that it still doesn't work. The situation is we have an F5 SSL VPN solution inside the network. The SSL VPN concentrator NATs from the outside via a static, to a 192.168.40.X address on the inside interface (192.168.40.1/24). The SSL VPN clients are assigned an address off of a virtual subnet 192.168.45.0. The clients CAN access the internet, and other sites, but cannot access local devices on the 192.168.40.x network. They CAN ping, but cannot get any TCP traffic to flow. We have a ACL on the inside interface permitting ANY traffic. Do you have any ideas? I was thinking it may be best just to insert a router and make it the default gateway on the subnet instead of the ASA. Any recommendations would be much appreciated.
Table of ContentsIntroductionVersion HistoryPossible Future
UpdatesDocuments PurposeNAT Operation in ASA 8.3+ SectionsRule Types
Network Object NATTwice NAT / Manual NATRule Types used per SectionNAT
Types used with Twice NAT / Manual NAT and Network Obje...
Table of Contents Introduction:This document describes details on how
NAT-T works. Background: ESP encrypts all critical information,
encapsulating the entire inner TCP/UDP datagram within an ESP header.
ESP is an IP protocol in the same sense that TCP an...