davidoates
Beginner

Cisco ASA 5500 with 9.x Hairpinning (U-turn) with AnyConnect issue

This may have been answered, but I have not been able to find anything searching the forums. I would like to set up the following scenario, but have not been able to figure this out. We have a shared wireless network of some corporate laptops and non-corporate laptops, so I do not have a way of separating which is which and I do not want to allow the untrusted computers access to the corporate LAN by using the "same-security-traffic" configuration. I would like to be able to allow the corporate users to use their AnyConnect VPN client to connect to the outside of the firewall. Is this possible? I haven't had any luck as of yet. Any help is greatly appreciated.

Accepted Solution
Marvin Rhoads
VIP Community Legend

No you can't do it that way.

You could make the inside connection of the ASA a trunk with separate subinterfaces for the untrusted and trusted networks. That's pretty easy and straightforward and does not require any VPN usage.

The more modern approach (if your internal network devices support it) would be to use TrustSec Security Group Tags (SGTs).

Thanks for info Marvin, I'll look into those options.
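
The trunk-with-subinterfaces option from the accepted answer could look like the sketch below. This is an added example, not configuration posted by anyone in the thread. The physical interface, VLAN IDs, subnets, interface names and ACL name are all constructed placeholders, and it assumes an ASA model that supports 802.1Q subinterfaces and a wireless network that can place corporate and non-corporate clients in separate VLANs (for example, separate SSIDs).

```cisco
! Physical port becomes an 802.1Q trunk: no name, level or address of its own
interface GigabitEthernet0/1
 no nameif
 no security-level
 no ip address
 no shutdown
!
! Corporate (trusted) clients, VLAN 10 (placeholder values)
interface GigabitEthernet0/1.10
 vlan 10
 nameif trusted
 security-level 100
 ip address 10.10.10.1 255.255.255.0
!
! Non-corporate (untrusted) clients, VLAN 20 (placeholder values)
interface GigabitEthernet0/1.20
 vlan 20
 nameif untrusted
 security-level 50
 ip address 10.10.20.1 255.255.255.0
!
! Explicitly block untrusted clients from the corporate subnet,
! then allow their remaining traffic (e.g. Internet access)
access-list UNTRUSTED_IN extended deny ip any 10.10.10.0 255.255.255.0
access-list UNTRUSTED_IN extended permit ip any any
access-group UNTRUSTED_IN in interface untrusted
```

Because the two groups sit on interfaces with different security levels, the `same-security-traffic` commands the question wanted to avoid are not needed, and the deny entry makes the separation explicit rather than relying on the implicit lower-to-higher block alone.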
