Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
973
Views
0
Helpful
1
Replies

Anyconnect U-turning Internet traffic

Deepak Khemani
Level 1
Level 1

‎05-01-2016 05:02 AM - edited ‎02-21-2020 08:47 PM

Hi All

I have ASA 5525 with OS 9.4.4. We have two ISP connected to it. On both ISP interface we have enabled anyconnect vpn.

We tunnel all traffic to ASA and do U-turning or hairpinning for internet traffic. We have all nat and other commands in place. Everything works fine with ISP1 but when client connects to ISP2 interface u-turning does not work.

nat (ISP1,ISP1) static source Anyconnect-pool ISP1-public-IP

nat (ISP2,ISP2) static source Anyconnect-pool ISP2-public-IP

What I need is even if ISP1 is up and user connects anyconnect on ISP2 interface his traffic should be tunneled to ASA and should be able to access internet using nat (ISP2,ISP2) static source Anyconnect-pool ISP2-public-IP.

Please help 

Labels:
0 Helpful
1 Reply 1

Aditya Ganjoo
Cisco Employee
Cisco Employee

‎05-01-2016 08:13 PM

Hi Deepak,

When the users try from ISP2 do you see traffic hitting the ASA ?

What do the logs say,could you share the logs ?

Can you do a packet-tracer and check ?

Also if possible please add the route-lookup keyword to both the NAT statements ?

Regards,

Aditya

Please rate helpful posts.

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents