09-13-2016 03:41 AM - edited 03-08-2019 07:24 AM
Hi guys, I'm a newbie when it comes to firewalls, and I'd like to ask for your help on an issue I came across recently.
We have a Cisco ASA 5505 with 4 Interfaces: Guest WLAN, DMZ, inside, outside
There's L2TP/IPsec VPN configured for the inside interface, which is working perfectly when connecting from the outside interface. But when connecting from the Guest WLAN, the connection fails. (I'm not using any VPN software, just Windows VPN)
So, my uneducated guess was that I probably can't connect to the IP address (let's say, 189.178.66.100) returned by DNS for the VPN URL, which was right: I can't ping it from the Guest WLAN. So I tried to connect to the IP address of the firewall inside the Guest WLAN (say, 172.16.0.1), which didn't work either.
After some research I played around with additional NAT-rules and Hairpinning, but I only messed stuff up and reverted my changes.
Could you tell me where exactly I have to add Hairpinning-rules? Or am I wrong in thinking that's the problem?
Thanks and best regards
09-13-2016 05:26 AM
You need to enable VPN on the Guest WLAN interface and point your VPN connection to the ASA's IP address of that interface.
Also, you need to do a NAT exempt for the VPN. You already have a rule for VPN coming to the outside interface; copy it and change the interface to Guest WLAN instead.
Hope this helps.
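The two steps from the answer above written out as ASA CLI, as an added example that is not part of the original thread. It assumes ASA 8.4 or later syntax and an already working L2TP/IPsec setup on the outside interface; the interface name `guest`, the crypto map name `outside_map` and the object names are hypothetical placeholders for whatever the running configuration uses.

```cisco
! Added example. All names are assumed placeholders, not taken from the thread.
! Assumes ASA 8.4+ syntax and a working L2TP/IPsec configuration on "outside".

! 1. Terminate the VPN on the guest interface too: bind the existing
!    crypto map to it and enable IKEv1 there (the Windows L2TP/IPsec
!    client negotiates IKEv1).
crypto map outside_map interface guest
crypto ikev1 enable guest

! 2. NAT exemption: a copy of the existing (inside,outside) exemption
!    rule with the second interface changed to guest.
nat (inside,guest) source static OBJ-INSIDE-NET OBJ-INSIDE-NET destination static OBJ-VPN-POOL OBJ-VPN-POOL no-proxy-arp route-lookup

! 3. Check the result: the crypto map should list both interfaces, an
!    IKEv1 SA should appear while a guest client is connected, and the
!    new NAT rule should show hit counts for tunnelled traffic.
show running-config crypto map
show crypto ikev1 sa
show nat
```

The Windows VPN connection on the guest side then targets the ASA's guest interface address (172.16.0.1 in the question) rather than the public address.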