
ASA 8.2(5) anyconnect hairpinning

m.skaarup
Level 1

Hello,

 

I'm having some issues with my AnyConnect hairpinning. For some reason it will not let me access my sites on the WAN. I only have 3 IP addresses I need to access on the WAN, so I made a split-tunnel list for these 3 IP addresses. When I do a packet tracer everything looks correct, but when I try to ping or access the IP addresses it doesn't work.

Thanks in advance.

Here is the relevant config.

 


ASA Version 8.2(5)
!

name 1.1.1.1 Mycompany.com
name 1.1.1.2 admin.Mycompany.com
name 1.1.1.3 globalMycompany.com
name 100.64.0.0 DialinPool

same-security-traffic permit intra-interface
object-group network Mycompany_NAT_VPNaccess
 network-object host admin.Mycompany.com
 network-object host globalMycompany.com
 network-object host admin.Mycompany.com
object-group network DM_INLINE_NETWORK_1
 network-object host admin.Mycompany.com
 network-object host globalMycompany.com
 network-object host Mycompany.com

access-list Mycompany_common_splittunnel_netacl standard permit host admin.Mycompany.com
access-list Mycompany_common_splittunnel_netacl standard permit host Mycompany.com
access-list Mycompany_common_splittunnel_netacl standard permit host globalMycompany.com
access-list Mycompany_common_netacl extended permit ip DialinPool 255.255.255.0 any

ip local pool Mycompany_common_pool 100.64.0.10-100.64.0.100 mask 255.255.255.0

nat (inside) 0 access-list inside_nat0_outbound
nat (inside) 1 0.0.0.0 0.0.0.0
nat (outside) 1 DialinPool 255.255.255.0

dynamic-access-policy-record DfltAccessPolicy
 action terminate
dynamic-access-policy-record Mycompany_common_dap
 network-acl Mycompany_common_netacl
 webvpn
  svc ask none default svc

webvpn
 enable outside
 svc image disk0:/anyconnect-macosx-i386-3.1.06073-k9.pkg 1
 svc image disk0:/anyconnect-win-3.1.06073-k9.pkg 2
 svc profiles Mycompany_common_anyconnect_profile disk0:/Mycompany_common_anyconnect_profile.xml
 svc enable
group-policy Mycompany_common_policy internal
group-policy Mycompany_common_policy attributes
 wins-server none
 dns-server value 8.8.8.8 8.8.4.4
 vpn-tunnel-protocol svc
 split-tunnel-policy tunnelspecified
 split-tunnel-network-list value Mycompany_common_splittunnel_netacl
  webvpn
  svc profiles value Mycompany_common_anyconnect_profile

tunnel-group Mycompany_common_tunnelgroup type remote-access
tunnel-group Mycompany_common_tunnelgroup general-attributes
 address-pool Mycompany_common_pool
 authentication-server-group Digipass
 default-group-policy Mycompany_common_policy
tunnel-group Mycompany_common_tunnelgroup webvpn-attributes
 group-url https://myvpn.Mycompany.com enable
!
!

 

 

 

 

2 Replies

m.skaarup
Level 1

Found the solution myself. The problem was this bug: https://tools.cisco.com/bugsearch/bug/CSCtn56501

After deleting crypto_archive/crypto_eng0_arch_1.bin and crypto_archive/crypto_eng0_arch_2.bin it started working.

Congratulations on solving your own problem. Thank you for posting back to the forum to tell us that you solved it and what the problem was.

 

HTH

 

Rick
