04-21-2022 06:12 AM - edited 04-21-2022 06:17 AM
In a scenario where we are using remote access VPN with a full tunnel and the user is trying to reach 8.8.8.8.
His LAN subnet is 10.1.1.10/24. I want to know what the source and destination of the packet will be.
04-21-2022 06:16 AM
@prakashcsco with a full tunnel VPN you'd have to hairpin the traffic and route it back out the outside interface; therefore the source would be the IP address of the ASA or, if using a NAT pool, a public IP address in the pool.
You'd need to configure from the CLI "same-security-traffic permit intra-interface" to allow the hairpin and a NAT rule.
04-21-2022 06:21 AM
Thanks Rob, I have attached a picture. So in case a user at home with IP 192.168.1.10 connects to the VPN and gets an IP of 10.1.1.10, and he now tries to send an echo request to 8.8.8.8: if we do a packet capture on his LAN card, what will be the source and destination?
04-21-2022 06:25 AM
@prakashcsco if you are capturing the traffic on the local LAN, you'd only see communication from the local PC IP address destined to the ASA (100.100.100.100).
04-21-2022 06:30 AM - edited 04-21-2022 06:32 AM
Got it. So the user's home LAN IP is 192.168.1.10, and once he is connected to AnyConnect he gets 10.1.1.10.
So the source will be 10.1.1.10 and the destination will be 100.100.100.100 for reaching 8.8.8.8. Am I correct?
04-21-2022 06:32 AM
Source 192.168.1.10 and destination 100.100.100.100.
04-21-2022 07:35 AM
There are two IP headers.
The outer header has the public IP of the ASA and the public IP of the client.
In the inner header, the source is your client IP obtained from the ASA pool and the destination is whatever the client pings inside.
If it pings 8.8.8.8, then:
The outer header is the same.
In the inner header, the source is your client IP obtained from the ASA pool and the destination is 8.8.8.8.
Here you need to NAT the client IP to the public IP of the ASA, so that it finally appears that the public IP of the ASA is pinging 8.8.8.8.
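
As an added example (not part of the thread and not Cisco code), the Python model below builds the packet described in the replies and exposes the addresses a capture would show at the home LAN card, inside the tunnel, and leaving the ASA after the hairpin NAT. The UDP source port 50000 and the cleartext tunnel payload are assumptions of the model; a real AnyConnect session encrypts the inner packet with TLS/DTLS, so only the outer header is readable on the LAN.

```python
import socket
import struct

# Addresses from the thread; port 50000 and the cleartext tunnel are model assumptions.
HOME_PC, ASA_PUBLIC = "192.168.1.10", "100.100.100.100"
POOL_IP, TARGET = "10.1.1.10", "8.8.8.8"
PROTO_ICMP, PROTO_UDP = 1, 17


def checksum(data: bytes) -> int:
    """RFC 1071 Internet checksum."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def ipv4(src: str, dst: str, proto: int, payload: bytes) -> bytes:
    """Build a minimal 20-byte IPv4 header (no options) in front of payload."""
    head = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64,
                       proto, 0, socket.inet_aton(src), socket.inet_aton(dst))
    return head[:10] + struct.pack("!H", checksum(head)) + head[12:] + payload


def parse(packet: bytes):
    """Return (src, dst, proto, payload) of an IPv4 packet, verifying its checksum."""
    ihl = (packet[0] & 0x0F) * 4
    if checksum(packet[:ihl]) != 0:
        raise ValueError("bad IPv4 header checksum")
    return (socket.inet_ntoa(packet[12:16]), socket.inet_ntoa(packet[16:20]),
            packet[9], packet[ihl:])


def client_send() -> bytes:
    """What leaves the home PC's LAN card: outer header around the tunnelled inner packet."""
    echo = struct.pack("!BBHHH", 8, 0, 0, 1, 1)  # ICMP echo request, id 1, seq 1
    echo = echo[:2] + struct.pack("!H", checksum(echo)) + echo[4:]
    inner = ipv4(POOL_IP, TARGET, PROTO_ICMP, echo)
    udp = struct.pack("!HHHH", 50000, 443, 8 + len(inner), 0) + inner  # DTLS stand-in
    return ipv4(HOME_PC, ASA_PUBLIC, PROTO_UDP, udp)


def asa_hairpin(outer: bytes) -> bytes:
    """Model of the ASA: strip the tunnel, NAT the pool source to its public IP, send back out."""
    _, _, _, udp = parse(outer)
    _, dst, proto, payload = parse(udp[8:])
    return ipv4(ASA_PUBLIC, dst, proto, payload)
```
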