Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1097
Views
0
Helpful
1
Replies

Anyconnect U-turning Internet traffic

Deepak Khemani
Level 1
Level 1

‎05-01-2016 05:02 AM - edited ‎02-21-2020 08:47 PM

Hi All

I have ASA 5525 with OS 9.4.4. We have two ISP connected to it. On both ISP interface we have enabled anyconnect vpn.

We tunnel all traffic to ASA and do U-turning or hairpinning for internet traffic. We have all nat and other commands in place. Everything works fine with ISP1 but when client connects to ISP2 interface u-turning does not work.

nat (ISP1,ISP1) static source Anyconnect-pool ISP1-public-IP

nat (ISP2,ISP2) static source Anyconnect-pool ISP2-public-IP

What I need is even if ISP1 is up and user connects anyconnect on ISP2 interface his traffic should be tunneled to ASA and should be able to access internet using nat (ISP2,ISP2) static source Anyconnect-pool ISP2-public-IP.

Please help 

Labels:
0 Helpful
1 Reply 1

Aditya Ganjoo
Cisco Employee
Cisco Employee

‎05-01-2016 08:13 PM

Hi Deepak,

When the users try from ISP2 do you see traffic hitting the ASA ?

What do the logs say,could you share the logs ?

Can you do a packet-tracer and check ?

Also if possible please add the route-lookup keyword to both the NAT statements ?

Regards,

Aditya

Please rate helpful posts.

0 Helpful
Customers Also Viewed These Support Documents