Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
391
Views
0
Helpful
1
Replies

ASA8.4 L2L to L2L Hairpinning

mikedeyoung
Level 1
Level 1

‎01-08-2013 10:29 AM

Hi All,

I am stumped on how to configure hub-end-ASA to hairpin between two spokes both configured for L2L VPN with Hub-ASA.

ASA2 <- L2LVPN -> ASA1 (works)

ASA3 <- L2LVPN -> ASA1 (works)

ASA3 <-L2LVPN -> ASA1 <-L2LVPN-> ASA2  (fails)

My configuration filtered on relevent syntax...

same-security-traffic permit intra-interface

nat (outside,outside) source static ASA2 ASA2 destination static ASA3 ASA3

nat (outside,outside) source static ASA3 ASA3 destination static ASA2 ASA2

Any help would bring goodness into the world.

Thx

diagram.png

Labels:
0 Helpful
1 Reply 1

Nicholas Carrieri
Cisco Employee
Cisco Employee

‎02-05-2013 10:50 AM

I would have to take a look at your interesting ACLs and make sure that they include the subnets from ASA2 going to the subnets of ASA3.  I'm assuming you already did a packet tracer on the outside to see what the ASA will do with the traffic.  I hope this helps.

0 Helpful
Customers Also Viewed These Support Documents