VPN from Guest WLAN interface to internal interface

Lonzo0189
Level 1

Hi guys, I'm a newbie when it comes to firewalls, and I'd like to ask for your help on an issue I came across recently.

We have a Cisco ASA 5505 with 4 interfaces: Guest WLAN, DMZ, inside, outside.

There's L2TP/IPsec VPN configured for the inside interface, which is working perfectly when connecting from the outside interface. But when connecting from the Guest WLAN, the connection fails. (I'm not using any VPN software, just Windows VPN.)

So my uneducated guess was that I probably can't connect to the IP address (let's say, 189.178.66.100) returned by DNS for the VPN URL, which was right: I can't ping it from the Guest WLAN. So I tried to connect to the IP address of the firewall inside the Guest WLAN (say, 172.16.0.1), which didn't work either.

After some research I played around with additional NAT-rules and Hairpinning, but I only messed stuff up and reverted my changes.

Could you tell me where exactly I have to add Hairpinning-rules? Or am I wrong in thinking that's the problem?

Thanks and best regards

Accepted Solutions

S-Lemming
Level 1

You need to enable VPN on the Guest WLAN interface and point your VPN connection to the ASA's IP address of that interface.

Also, you need to do a NAT exempt for the VPN. You already have a rule for VPN coming to the outside interface; copy it and change the interface to Guest WLAN instead.

Hope this helps.
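
The two changes described in the accepted answer, sketched as an added example that is not part of the original post or the poster's configuration. It assumes ASA 8.4 or later syntax; the interface name `guest`, the crypto map name `outside_map`, and the objects `INSIDE_NET` and `VPN_POOL` with their subnets are hypothetical placeholders to be replaced with the names from the running configuration.

```cisco
! --- Assumed existing configuration (names and subnets are hypothetical) ---
! object network INSIDE_NET
!  subnet 192.168.1.0 255.255.255.0
! object network VPN_POOL
!  subnet 192.168.50.0 255.255.255.0
! crypto map outside_map interface outside
! crypto ikev1 enable outside
! nat (inside,outside) source static INSIDE_NET INSIDE_NET destination static VPN_POOL VPN_POOL no-proxy-arp route-lookup

! --- 1. Terminate the VPN on the Guest WLAN interface as well ---
! Apply the same crypto map (it carries the dynamic map used by the
! L2TP/IPsec clients) to the guest interface and enable IKEv1 there.
! This exposes IKE (UDP 500/4500) on the ASA to guest clients only;
! guest access rules for through-traffic stay unchanged.
crypto map outside_map interface guest
crypto ikev1 enable guest

! --- 2. Copy the NAT exemption, changing only the interface pair ---
! Traffic between the inside network and the VPN address pool must
! bypass NAT when the tunnel terminates on the guest interface too.
nat (inside,guest) source static INSIDE_NET INSIDE_NET destination static VPN_POOL VPN_POOL no-proxy-arp route-lookup

! --- 3. Verify ---
! The crypto map should now be listed for both interfaces:
show running-config crypto map
! After a connection attempt from the Guest WLAN, an IKEv1 SA should appear:
show crypto ikev1 sa
! The hit counters on the new exemption rule should increase:
show nat detail
```

The Windows client then connects to the ASA's address on the Guest WLAN interface (172.16.0.1 in the question's example) rather than to the public address returned by DNS.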
