Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

How to enable "hairpinning" on ASA5510

dear sir

I have Remote IPSec VPN configured on ASA5510, but we need to lets a VPN client send IPSec-protected traffic to another VPN user, something called "hairpinning",

anyway, I've configured following the manual:

1,same-security-traffic permit intra-interface

2,access-list vpn permit ip 172.16.99.0 255.255.255.0 172.16.99.0 255.255.255.0

3,nat (outside) 0 access-list vpn

but it does not work, attached as my configuration, who can check for me?

Thanks

tom

  • Other Security Subjects
3 REPLIES
Green

Re: How to enable "hairpinning" on ASA5510

Your split tunnel acl is only encrypting traffic to 192.168.1.0. I think you should add 172.16.99.0.

access-list Mukdahan_splitTunnelAcl standard permit 172.16.99.0 255.255.255.0

New Member

Re: How to enable "hairpinning" on ASA5510

great, it's work.

thank you very much

Green

Re: How to enable "hairpinning" on ASA5510

Good to hear, thanks for the rate.

221
Views
5
Helpful
3
Replies
This widget could not be displayed.