ASA 5520 ipsec vpn dns and internet access not working

warriorforGod
Level 1

I have set up a remote access IPsec VPN on an ASA 5520. I can connect and ping internal IP addresses, however I cannot ping back out to the Internet, and DNS resolution does not work. Any suggestions on where to start troubleshooting?

3 Replies

mvsheik123
Level 7

Hello,

A sanitized config will be helpful in resolving this. Also, if you are using the corporate Internet connection for browsing as well (i.e. not allowing split tunnel), make sure the ACLs are correct.

hth

MS

a

Hi Steve,

What you're attempting to do here is called Hairpinning or a 'U turn' with the traffic.

The following Cisco document describes what you're attempting to do:

http://www.cisco.com/en/US/docs/security/asa/asa84/configuration/guide/vpn_params.html#wp1042114

In short, you'll need to add the following to your configuration:

// Permit hairpinning (traffic entering and leaving the same interface)
same-security-traffic permit intra-interface

// Define the VPN client pool and NAT it to the outside interface address.
// The subnet below is a placeholder; use your own VPN address pool (not given in the post).
object network vpn
 subnet <VPN_POOL_NETWORK> <VPN_POOL_MASK>
 nat (outside,outside) dynamic interface

// Add the following so traffic from one VPN client to another is not NATed
nat (outside,outside) source static vpn vpn destination static vpn vpn
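The first reply asks for a sanitized config; the audit below, added here and not part of the thread, checks such a config for the three U-turn pieces the reply above lists. It assumes ASA 8.3+ NAT syntax, that the client pool is a network object whose name you pass in, and uses two constructed sample configs.

```python
import re

# Constructed sample: the pieces the reply above adds, in ASA 8.3+ running-config form.
GOOD_CONFIG = """\
same-security-traffic permit intra-interface
object network vpn
 subnet 192.0.2.0 255.255.255.0
 nat (outside,outside) dynamic interface
nat (outside,outside) source static vpn vpn destination static vpn vpn
"""

# Constructed sample: the pool object exists, but hairpinning was never enabled
# and neither NAT statement was added, so clients can reach the LAN only.
BAD_CONFIG = """\
object network vpn
 subnet 192.0.2.0 255.255.255.0
"""

def audit_hairpin(config: str, pool_object: str) -> dict:
    """Check a running-config for the statements VPN-to-Internet U-turn needs.

    pool_object is the name of the network object describing the client pool.
    Returns requirement -> bool so a caller can report exactly what is missing."""
    found = {
        "intra_interface_permit": False,        # same-security-traffic permit intra-interface
        "pool_object_defined": False,           # object network <pool> with subnet/range/host
        "object_nat_to_outside": False,         # nat (outside,outside) dynamic interface
        "identity_nat_between_clients": False,  # twice NAT exempting client-to-client traffic
    }
    in_pool_object = False
    p = re.escape(pool_object)
    for raw in config.splitlines():
        line = raw.rstrip()
        if not line.startswith(" "):
            # Top-level command: we are inside the pool object only if this line opens it.
            in_pool_object = line == f"object network {pool_object}"
            if line == "same-security-traffic permit intra-interface":
                found["intra_interface_permit"] = True
            if re.fullmatch(rf"nat \(outside,outside\) source static {p} {p} destination static {p} {p}", line):
                found["identity_nat_between_clients"] = True
            continue
        if in_pool_object:
            sub = line.strip()
            if sub.startswith(("subnet ", "range ", "host ")):
                found["pool_object_defined"] = True
            if sub == "nat (outside,outside) dynamic interface":
                found["object_nat_to_outside"] = True
    return found

def missing(config: str, pool_object: str) -> list:
    """Names of unmet requirements, in the order they appear in the reply above."""
    return [name for name, ok in audit_hairpin(config, pool_object).items() if not ok]

if __name__ == "__main__":
    for label, cfg in (("good", GOOD_CONFIG), ("bad", BAD_CONFIG)):
        print(label, "missing:", missing(cfg, "vpn") or "nothing")
```

Run it against `show running-config` output saved to a file, passing the name of your pool object in place of `vpn`.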