Cisco Support Community

VPN-client to VPN-client traffic

Hi,

I'm trying to configure an ASA so it allows 2 VPN-Clients (on the same subnet) to SSH each other (or any other IP traffic).
What is the best way to accomplish this?

Best regards,

Tom

1 REPLY


Hi Tom,

 

To accomplish this you will need a u-turn configuration, to define that when the packets from the VPN client ingress to the outside interface, they won't try to find the destination on the inside interface; therefore we will need to define this:

 

1. This command will enable U-turning on the ASA:

 

IP local pool VPN_Client_IPs 192.168.11.0-192.168.11.0 mask 255.255.255.0

- ciscoasa(config)# same-security-traffic permit intra-interface

 

2. Then we will define a NAT 0 statement on the outside:

 

for example:

 

8.3 NAT:

 

object network obj-192.168.11.0
 subnet 192.168.11.0 255.255.255.0

 

nat (outside,outside) 1 source static obj-192.168.11.0 obj-192.168.11.0 destination static obj-192.168.11.0 obj-192.168.11.0 no-proxy-arp route-lookup

This is an explicit example on ASAs; you can follow this logic.

 

What do you have on your network as the VPN server?

What type of VPN software are you using?

 

 

Let me know if this works for you.

 

Please don't forget to rate,

 

Best Regards, 

 

David Castro,
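
An added example, not part of the original reply: a Python check that a running-config contains the pieces the steps above rely on (hairpinning enabled, the client pool covered by the outside-to-outside identity NAT, and a usable pool range). The function name `audit_hairpin` and the sample config, assembled from the commands quoted in the reply, are constructed for illustration.

```python
import ipaddress
import re

# Constructed sample: the commands quoted in the reply, laid out as a running-config.
SAMPLE_CONFIG = """\
ip local pool VPN_Client_IPs 192.168.11.0-192.168.11.0 mask 255.255.255.0
same-security-traffic permit intra-interface
object network obj-192.168.11.0
 subnet 192.168.11.0 255.255.255.0
nat (outside,outside) 1 source static obj-192.168.11.0 obj-192.168.11.0 destination static obj-192.168.11.0 obj-192.168.11.0 no-proxy-arp route-lookup
"""

def audit_hairpin(config):
    """Return a list of findings for a client-to-client (u-turn) VPN setup."""
    findings = []
    if not re.search(r"^same-security-traffic permit intra-interface\s*$", config, re.M | re.I):
        findings.append("hairpinning disabled: same-security-traffic permit intra-interface missing")
    # Map object name -> subnet for 'object network' blocks that define a subnet.
    objects = {
        name: ipaddress.ip_network(f"{net}/{mask}")
        for name, net, mask in re.findall(
            r"^object network (\S+)\n\s+subnet (\S+) (\S+)", config, re.M)
    }
    # Objects used as both real and mapped source in an (outside,outside) NAT rule.
    exempt = {
        src for src, mapped in re.findall(
            r"^nat \(outside,outside\).* source static (\S+) (\S+)", config, re.M)
        if src == mapped and src in objects
    }
    # Each client pool must be usable and fall inside an exempted subnet.
    pools = re.findall(r"^ip local pool (\S+) (\S+)-(\S+) mask (\S+)", config, re.M | re.I)
    for name, first, last, mask in pools:
        lo, hi = ipaddress.ip_address(first), ipaddress.ip_address(last)
        net = ipaddress.ip_network(f"{first}/{mask}", strict=False)
        if lo == net.network_address or hi == net.broadcast_address:
            findings.append(f"pool {name}: range starts at the network address or ends at the broadcast address of {net}")
        if not any(lo in objects[o] and hi in objects[o] for o in exempt):
            findings.append(f"pool {name}: not covered by an (outside,outside) identity NAT rule")
    return findings
```
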

 

 
