Hairpinning for Webvpn

jasontatom · ‎01-30-2012

Hi! Its my first time to post here not sure how it works.

Im having problems configuring Hairpinning thru WebVPN but it works with IPSEC. For testing I tried to used same address-pool and split tunnel policy and already enabled same-security and nat bypass for internal traffic. Everything works fine IPSEC except for WebVPN and for the WebVPN users they can access resources behind the firewall but not thru haripinning (outside interface).

Thanks

mwinnett · ‎02-13-2012

Jason

Its been a while sicen I have done this, but here is a config that I used a while back for this (asa 8.0.2). The rest of the config as per standard

interface Ethernet0/0

nameif outside

security-level 0

ip address 20.1.1.1 255.255.255.0

!

same-security-traffic permit intra-interface

ip local pool vpn_user_pool 20.1.1.200-20.1.1.220 mask 255.255.255.0

webvpn

enable outside

svc image disk0:/sslclient-win-1.1.4.176.pkg 1

svc enable

group-policy msw-grp internal

group-policy msw-grp attributes

vpn-tunnel-protocol svc

webvpn

svc ask none default svc

username mwinnett password vukFd0JFOKL2l7IE encrypted privilege 15

tunnel-group DefaultWEBVPNGroup general-attributes

address-pool vpn_users

address-pool vpn_user_pool

default-group-policy msw-grp

prompt hostname context

ciscoasa(config)# sh vpn-sessiondb svc

Session Type: SVC

Username : mwinnett Index : 6

Assigned IP : 20.1.1.200 Public IP : 10.48.67.22

Protocol : Clientless SSL-Tunnel

Encryption : RC4 Hashing : SHA1

Bytes Tx : 45779 Bytes Rx : 19750

Group Policy : msw-grp Tunnel Group : DefaultWEBVPNGroup

Login Time : 17:14:35 UTC Thu Sep 13 2007

Duration : 0h:01m:02s

NAC Result : Unknown

VLAN Mapping : N/A VLAN : none