Cisco ASA 5500 with 9.x Hairpinning (U-turn) with AnyConnect issue

davidoates
Level 1

This may have been answered, but I have not been able to find anything searching the forums. I would like to set up the following scenario, but have not been able to figure this out. We have a shared wireless network of some corporate laptops and non-corporate laptops, so I do not have a way of separating which is which and I do not want to allow the untrusted computers access to the corporate LAN by using the "same-security-traffic" configuration. I would like to be able to allow the corporate users to use their AnyConnect VPN client to connect to the outside of the firewall. Is this possible? I haven't had any luck as of yet. Any help is greatly appreciated.

Accepted Solutions

Marvin Rhoads
Hall of Fame

No, you can't do it that way.

You could make the inside connection of the ASA a trunk with separate subinterfaces for the untrusted and trusted networks. That's pretty easy and straightforward and does not require any VPN usage.

The more modern approach (if your internal network devices support it) would be to use TrustSec Security Group Tags (SGTs).
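
The trunk-with-subinterfaces approach from the answer above, as an added ASA 9.x configuration example (not part of the original post and not the poster's own configuration). The interface names, VLAN IDs, subnets, object names and ACL name are assumptions, as is the premise that the wireless side already places corporate and non-corporate clients on separate VLANs.

```cisco
! Constructed example. All names, VLAN IDs and addresses are assumptions.
! Physical port becomes an 802.1Q trunk: no nameif, level or IP of its own.
interface GigabitEthernet0/1
 description Trunk to wireless/LAN switch
 no nameif
 no security-level
 no ip address
 no shutdown
!
! Trusted segment: corporate laptops.
interface GigabitEthernet0/1.10
 description Corporate wireless
 vlan 10
 nameif corp-wifi
 security-level 100
 ip address 10.10.10.1 255.255.255.0
!
! Untrusted segment: non-corporate laptops. The lower security level means
! traffic toward corp-wifi is denied by default, and the two interfaces do
! not share a level, so same-security-traffic is not needed.
interface GigabitEthernet0/1.20
 description Non-corporate wireless
 vlan 20
 nameif guest-wifi
 security-level 10
 ip address 10.10.20.1 255.255.255.0
!
! Corporate address space the untrusted segment must never reach.
object-group network CORP-NETS
 network-object 10.10.10.0 255.255.255.0
 network-object 10.1.0.0 255.255.0.0
!
! An interface ACL replaces the implicit security-level rules for inbound
! traffic on that interface, so the deny is stated explicitly before the permit.
access-list GUEST-IN extended deny ip any object-group CORP-NETS
access-list GUEST-IN extended permit ip any any
access-group GUEST-IN in interface guest-wifi
!
! Internet access for the untrusted segment (assumes an interface named outside).
object network GUEST-WIFI-NET
 subnet 10.10.20.0 255.255.255.0
 nat (guest-wifi,outside) dynamic interface
```

`show access-list GUEST-IN` shows hit counts on the deny entry, which confirms that attempts from the untrusted VLAN toward corporate subnets are being dropped.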


Thanks for the info, Marvin. I'll look into those options.
