I've configured SSL VPN on an 1811 router running 12.4(9) IOS. I'm using the full SSL VPN client and do not want to split tunnel the traffic. I can reach my inside resources just fine, but I cannot reach sites on the Internet. I want to tunnel my Internet traffic to the router and then have it hairpin out the same interface.
I've successfully configured this type of hairpinning on an ASA for SSL VPN, but have yet to find a way to do it in IOS. Does anyone have a sample config or suggestions?
Thanks. I've followed these instructions before, but the result was the same for me. I can reach internal resources, but hairpinning my traffic back out the outside interface to the Internet does not work. I'm still wondering if anyone actually has this operating in the way that I've described within their production environment.
Well, according to the logic used for bringing the traffic to the ASA outside interface,
what I did was NAT the local pool traffic on the outside interface as well.
So if we use the same concept on Cisco IOS, we can solve it there too:
ip nat outside source static "local-pool-network" interface "outside-interface" overload
See if this helps.
Can you please post your configuration, as I am unable to access the resources inside from the SSL VPN users? I don't want to bring the Internet traffic towards the router, only the local LAN traffic from remote SSL VPN users.
For the traffic to be NATted on IOS, it must traverse from the inside to the outside NAT interface (or NAT-enabled interfaces).
You can try creating a loopback and setting it as NAT inside, then direct the traffic from the VPN to the loopback as next hop. If the traffic is to go to the inside, the router will do that automatically; if it's to go to the outside, it will NAT it.
You could use policy routing.
Not sure it will work, but it worked for me in similar situations.
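The loopback and policy-routing suggestion above, written out as an IOS configuration. This is an added example, not a configuration posted by anyone in this thread. The client pool 10.10.10.0/24, the loopback subnet 10.11.0.0/30, the interface names and the ACL and route-map names are all assumed values, and the thread does not confirm that SSL VPN client traffic is policy-routed this way on 12.4(9).

```cisco
! Added example: NAT on a stick for VPN client traffic (all values assumed).
!
! Loopback acts as the "NAT inside" leg that hairpinned traffic is pushed through.
interface Loopback0
 ip address 10.11.0.1 255.255.255.252
 ip nat inside
!
! Outside interface: NAT outside, plus policy routing for arriving client traffic.
interface FastEthernet0
 description Outside (assumed interface name)
 ip nat outside
 ip policy route-map VPN-HAIRPIN
!
interface Vlan1
 description Inside LAN (assumed, 192.168.1.0/24)
 ip nat inside
!
! Match only pool-to-Internet traffic; pool-to-LAN traffic is denied here so it
! is routed normally and never translated.
ip access-list extended VPN-POOL-TO-INTERNET
 deny   ip 10.10.10.0 0.0.0.255 192.168.1.0 0.0.0.255
 permit ip 10.10.10.0 0.0.0.255 any
!
! Next hop is the unused address on the loopback subnet, not the loopback's own
! address, so the packet is forwarded out Loopback0 and re-enters as "inside".
route-map VPN-HAIRPIN permit 10
 match ip address VPN-POOL-TO-INTERNET
 set ip next-hop 10.11.0.2
!
! PAT the client pool (and the LAN) behind the outside interface address.
ip access-list extended NAT-SOURCES
 deny   ip 10.10.10.0 0.0.0.255 192.168.1.0 0.0.0.255
 permit ip 10.10.10.0 0.0.0.255 any
 permit ip 192.168.1.0 0.0.0.255 any
!
ip nat inside source list NAT-SOURCES interface FastEthernet0 overload
!
! Verify with a client connected:
!   show route-map VPN-HAIRPIN    (policy-routing match counters should increase)
!   show ip nat translations      (entries with inside local 10.10.10.x expected)
```

If the route-map counters stay at zero, the client traffic is not being seen as arriving on the outside interface, and the translation will never be created.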