AnyConnect VPN and a VPN tunnel on the same firewall outside interface.

junaid khan
Level 1

I have a remote access VPN (AnyConnect) and an IPsec tunnel connecting back to our vendor on the same firewall outside interface.

The problem is that when the remote users VPN in, they are not able to ping or reach the vendor network over the tunnel.

Now I understand that it is a hairpin or U-turn traffic issue, but I am still not able to figure out how the remote VPN users can reach the vendor network over the tunnel, which is terminated on the same interface where the remote access VPN is also configured.

Firewall is ASA 5510 ver 9.1.

Any suggestions please.

Accepted Solutions

Dinesh Moudgil
Cisco Employee

Hi,

You are on the right path. U-turning will be needed to allow VPN clients to access resources across the L2L VPN tunnel.

The essence is that the split tunneling access-list must include the subnets of the remote VPN peer so that once the user connects, they have the routes pertaining to the remote resources over the AnyConnect VPN.

Please go through these posts; they will guide you on how to go about configuring U-turning on the ASA.
https://supportforums.cisco.com/document/52701/u-turninghairpinning-asa

http://www.cisco.com/c/en/us/support/docs/security/asa-5500-x-series-next-generation-firewalls/100918-asa-sslvpn-00.html

Regards,
Dinesh Moudgil

P.S. Please rate helpful posts.

Cisco Network Security Channel - https://www.youtube.com/c/CiscoNetSec/
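
A sketch of the ASA 9.1 configuration pieces that U-turning AnyConnect traffic into an L2L tunnel typically involves, added here as an example and not taken from the posts above or the linked Cisco documents. It goes beyond the split-tunnel list mentioned in the answer to include the intra-interface permit, the crypto ACL entry and the NAT exemption. All object, ACL, group-policy and crypto map names are hypothetical, and the subnets (AnyConnect pool 10.10.10.0/24, inside 192.168.1.0/24, vendor 192.168.50.0/24) are constructed placeholders.

```cisco
! --- Constructed example: names and subnets are placeholders, not from the thread ---

! 1. Allow traffic to enter and leave the same interface (the U-turn itself).
same-security-traffic permit intra-interface

! 2. Objects for the AnyConnect address pool and the vendor network.
object network OBJ-ANYCONNECT-POOL
 subnet 10.10.10.0 255.255.255.0
object network OBJ-VENDOR-NET
 subnet 192.168.50.0 255.255.255.0

! 3. Split-tunnel list: the vendor subnet must be listed so the client
!    installs a route for it through the AnyConnect session.
access-list SPLIT-TUNNEL standard permit 192.168.1.0 255.255.255.0
access-list SPLIT-TUNNEL standard permit 192.168.50.0 255.255.255.0

group-policy GP-ANYCONNECT attributes
 split-tunnel-policy tunnelspecified
 split-tunnel-network-list value SPLIT-TUNNEL

! 4. Crypto ACL of the vendor tunnel: add the pool as a protected source.
!    Keep it to the vendor subnets the remote users actually need.
access-list CRYPTO-VENDOR extended permit ip object OBJ-ANYCONNECT-POOL object OBJ-VENDOR-NET

! Assumes the existing L2L entry is sequence 10 of a crypto map named OUTSIDE-MAP.
crypto map OUTSIDE-MAP 10 match address CRYPTO-VENDOR

! 5. NAT exemption for pool-to-vendor traffic; both sides are "outside"
!    because the packet arrives and departs on the same interface.
nat (outside,outside) source static OBJ-ANYCONNECT-POOL OBJ-ANYCONNECT-POOL destination static OBJ-VENDOR-NET OBJ-VENDOR-NET no-proxy-arp route-lookup
```

The vendor's peer needs the mirror-image entry (vendor subnet to the AnyConnect pool) in its own crypto ACL, otherwise the phase 2 selectors will not match. After a client connects and sends traffic, `show crypto ipsec sa` should list an SA for the pool-to-vendor selector with incrementing encaps and decaps counters.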
