Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 
Community Member

Hairpin Config on ASA with 8.3.x

Greetings All...

I have just upgraded to to 8.3, and I decided to start on a clean config, So I did not migrate any of the configurations over.

I am configuring a hairpin on the outside for VPN users.

The VPN subnet is A.B.250.0/24

The Server Subnet is A.B.100.0/24

Assuming all the tunnel group, group policy and other VPN config is correct, is the following hairpin configuration correct?

same-security-traffic permit intra-interface

object network SERVER_LAN

subnet A.B.100.0

object network VPN_POOL

subnet A.B.250.0

nat (outside,inside) source static VPN_POOL VPN_POOL

object network SERVER_LAN

nat (inside,outside) dynamic interface

object network VPN_POOL

nat (outside,outside) dynamic interface

Cisco Employee

Re: Hairpin Config on ASA with 8.3.x

that looks ok do you face any problem with that

also you can check the config yourself and see where you have gone wrong by using packet tracer, i would suggets you have implemented this try using packet tracer and see if the translation happens fine

CreatePlease to create content