
Cons of VPN hairpinning?

maldavis3697
Level 1

I currently have an ASA providing VPN access into our network. We want to enable client-to-client communication, which looks like it will require that we set up hairpinning via the "same-security-traffic permit intra-interface" command. My boss would like to know what the cons would be of putting this command on the VPN concentrator and allowing the hairpinning. I have done a lot of searching and haven't found any cons, but since the default behavior of firewalls is not to allow traffic to go back out the interface that it originally came in on, it seems like there should be a reason why it wasn't allowed.

Does anyone have any ideas on what the cons would be of allowing hairpinning?

Thanks in advance!

1 Reply

andrew.prince
Level 10

The only one I can think of is if a machine has been compromised while connected to the VPN. Apart from the obvious of putting your internal network at risk, the machine can be used as a jumping-off point to hack/spam/DoS out to the Internet with a source IP of your firewall, effectively blacklisting your IP range. This does hamper doing business.

Other than that - can't think of anything else.

HTH.
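
A log-side check for the risk raised in the reply above, as an added example that is not part of the original thread: it reads ASA connection-build syslog messages (302013/302015), flags flows that enter and leave on the same interface, and counts distinct Internet peers per VPN client. The pool 10.10.10.0/24, the interface name, the addresses and the log lines are constructed assumptions.

```python
import ipaddress
import re

# Constructed assumption: the remote-access VPN address pool.
VPN_POOL = ipaddress.ip_network("10.10.10.0/24")

# ASA connection-build messages (302013 = TCP, 302015 = UDP).
BUILT = re.compile(
    r"%ASA-6-30201[35]: Built (?:inbound|outbound) (?:TCP|UDP) connection \d+ "
    r"for (?P<if_a>[\w-]+):(?P<ip_a>[\d.]+)/\d+ .*?\bto "
    r"(?P<if_b>[\w-]+):(?P<ip_b>[\d.]+)/\d+"
)

def classify(line):
    """Return (kind, client_or_a, peer_or_b) for a hairpinned flow, else None."""
    m = BUILT.search(line)
    if not m or m["if_a"] != m["if_b"]:
        return None  # not a connection-build message, or not hairpinned
    a = ipaddress.ip_address(m["ip_a"])
    b = ipaddress.ip_address(m["ip_b"])
    in_pool = [ip for ip in (a, b) if ip in VPN_POOL]
    if len(in_pool) == 2:
        return ("client-to-client", str(a), str(b))
    if len(in_pool) == 1:
        peer = b if in_pool[0] == a else a
        return ("client-to-internet", str(in_pool[0]), str(peer))
    return ("other-hairpin", str(a), str(b))

def internet_fanout(lines):
    """Count distinct Internet peers per VPN client across hairpinned flows."""
    peers = {}
    for line in lines:
        r = classify(line)
        if r and r[0] == "client-to-internet":
            peers.setdefault(r[1], set()).add(r[2])
    return {client: len(p) for client, p in peers.items()}

# Constructed sample log lines (documentation address ranges, not real traffic).
P = "%ASA-6-302013: Built inbound TCP connection "
SAMPLE = [
    P + "101 for outside:10.10.10.5/51000 (10.10.10.5/51000) to outside:10.10.10.6/445 (10.10.10.6/445)",
    P + "102 for outside:10.10.10.7/40001 (192.0.2.1/40001) to outside:198.51.100.20/25 (198.51.100.20/25)",
    P + "103 for outside:10.10.10.7/40002 (192.0.2.1/40002) to outside:203.0.113.9/25 (203.0.113.9/25)",
    P + "104 for outside:10.10.10.5/51001 (10.10.10.5/51001) to inside:192.168.1.10/443 (192.168.1.10/443)",
]

if __name__ == "__main__":
    for line in SAMPLE:
        print(classify(line))
    print(internet_fanout(SAMPLE))
```

A client whose count of distinct Internet peers climbs quickly, particularly on mail or scanning-prone ports, is the case the reply warns about, since those flows leave with the firewall's address as their source.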
