Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Community Member

Hairpin VPN on OUTSIDE interface

Hairping VPN on OUTSIDE interface

What I currently have is SSL Anyconnect VPN connections to the ASA which is working fine.

I want to tunnel all networks back through the ASA.

Any web connections will go to the ASA and haripin back out the OUTSIDE interface to get web access.

I have a static route on the ASA for creating the VPN

route OUTSIDE 0.0.0.0 0.0.0.0 <PUBLIC_IP>

NAT exemption is in place for creating the VPN

nat (INSIDE,OUTSIDE) source static any any destination static VPN_POOL_OG VPN_POOL_OG

What I need is the configuration to create the VPN hairpin for internet traffic.

Any help is greatly appeciated.

VPNHairpin.jpg                  

1 ACCEPTED SOLUTION

Accepted Solutions

Hairpin VPN on OUTSIDE interface

Hi Thomas,

You need the following:

1)

same-security-traffic permit intra-interface

2)

VPN pool  = 192.168.3.0/24


object network obj-vpnpool

     subnet 192.168.3.0 255.255.255.0

     nat (outside,outside) dynamic interface

!

Please let me know

Rate any post you find helpful.

3 REPLIES

Hairpin VPN on OUTSIDE interface

Hi Thomas,

You need the following:

1)

same-security-traffic permit intra-interface

2)

VPN pool  = 192.168.3.0/24


object network obj-vpnpool

     subnet 192.168.3.0 255.255.255.0

     nat (outside,outside) dynamic interface

!

Please let me know

Rate any post you find helpful.

Community Member

Hairpin VPN on OUTSIDE interface

Javier, you legend.

Thanks very much.

Never had a straight answer so quickly.

Cheers.

Hairpin VPN on OUTSIDE interface

I so happy to hear that!!

Thanks for your nice comments (5 stars), they are more valuable than any stars

Do not hesitate to count on us at any time.

Take care!!

1929
Views
5
Helpful
3
Replies
CreatePlease to create content