06-21-2016 08:31 AM - edited 02-21-2020 08:52 PM
Hi All,
We are having some issues with getting hairpinning working for our SSL VPN connections on the Cisco 5585 ASA.
Our setup is that we have configured and enabled SSL VPN for our remote users. This works fine and as expected. At the moment we have split tunneling turned on, so only internal company traffic goes through the tunnel and all other traffic goes through the user's local connection.
We have a need to connect to a web server that is reachable through a L2L IPSEC Tunnel, and we are wondering if that is possible, and if so, whether you have some ideas to get this working.
Please note that we already added the following command to allow the same interface to be the ingress and egress interface:
same-security-traffic permit intra-interface
We have tried the following:
- Put the IP address of the outside interface in the interesting traffic of the L2L IPSEC Tunnel (both ends), but no success at all. We understand that the ASA will use its outside IP address as its source address to reach the web server because it is the nearest interface through the client. Do you have any other way to make this work?
Scenario:
ASA (outside) ------ INTERNET ------- RA USERS
ASA (outside) -------L2L IPSEC TUNNEL ------WEB SERVER
1.-Users connect to the SSL VPN through the web portal
2.-ASA must reach the web server through a L2L IPSEC Tunnel (we are stuck here)
3.-No more success from this point.
The ASA version is 9.1.x
Any comment will be appreciated.
Thank you so much.
06-21-2016 08:59 AM
Hi,
Please check this link for doing this configuration:
https://supportforums.cisco.com/discussion/10914361/anyconnect-client-site-site-destination
This would help you to perform the same configuration.
Regards,
Aditya
Please rate helpful posts and mark correct answers.
06-21-2016 09:14 AM
Hi Aditya,
Thank you for your quick reply.
That would work great on AnyConnect, thank you. I am just wondering if it is the same approach for clientless SSL VPN, because there we do not have a private IP address assigned to our remote clients.
Regards.