Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
4022
Views
5
Helpful
3
Replies

ASA Hairpinning Remote VPN users 8.4

allensurface
Level 4
Level 4

‎08-15-2011 12:49 PM

I have set this up on pre 8.3 code and 8.3 code as well. I have the following configured on the ASA, but it is not working and I am not seeing the ASA trying to NAT the VPN pool IP address that the client gets assigned.

object network VPNPool

subnet 192.168.70.0 255.255.255.0

nat (outside,outside) dynamic interface

same-security-traffic permit intra-interface

Labels:
0 Helpful
3 Replies 3

Jennifer Halim
Cisco Employee
Cisco Employee

‎08-16-2011 04:43 AM

Is this VPN configured with no split tunnel, ie: tunnelall?

Also, is the vpn client try to access the Internet and you were trying to NAT that to the outside IP?

Can you please share a copy of "sh nat" to see if there is any overlaps.

You might also like to run packet tracer and see what is the result.

0 Helpful

Gerry Egan
Level 1
Level 1
In response to Jennifer Halim

‎08-30-2012 04:45 AM

Did anyone ever get this working?

0 Helpful

Gerry Egan
Level 1
Level 1
In response to Gerry Egan

‎11-04-2012 06:40 AM

Hi,

Incase anyone else has this problem this worked for me:

object network VPN_UserNet_TunALL

subnet 192.168.23.0 255.255.255.0

nat (outside,outside) source dynamic VPN_UserNet_TunALL interface

same-security-traffic permit intra-interface

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents