SSL VPN Hairpinning on 871

xpresso01
Level 1

I have an 871 router with SSL VPN (full client) configured and it seems to be working swimmingly, with one exception. I do not want to perform split tunneling. On the contrary, I specifically would like all of my Internet-destined traffic to travel to the router down the SSL tunnel and then, after being decrypted, head back out the same interface it came in on out to the Net (hairpin). This doesn't seem to be working for me.

I've removed all access lists to rule those out.

I've double-checked my IP address pool and confirmed it is in the same range as a connected interface. This interface also has the NAT Inside command applied to it and I know that when I'm actually physically connected to the 871 that NAT works great.

Is this just not feasible, or am I possibly missing something here? I'm running 12.4(9)T1.

Thanks, in advance, for any help.

2 Replies

s.jankowski
Level 4

What you have done is correct and feasible.

Thanks for the response, s.j. Have you actually performed these steps and seen this work? I have spoken to a few folks who have only made this work on the ASA, not using the SSL VPN feature in IOS.

Jim