Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1054
Views
0
Helpful
1
Replies

Hairpin for IOS anyconnect

s.buskus
Level 1
Level 1

‎02-22-2009 08:16 AM - edited ‎02-21-2020 04:09 PM

I'm having a problem trying to have a anyconnect client hairpin to the Internet on a Cisco2821 with 12.4(22)T.

I believe my nat is correct. I'm using a route-map for NAT and it includes the VPN pool. I also include the vpn-pool in no-nat.

The vpn-pool is not directly conected, so I created a loopback interface with the same network as the vpn-pool.

I suspect the problem is the sslvpn virtual interface SSLVPN-VIF0. When I use "ip debug packet detail". I see the packets directed toward my default gatway, but nothing appears in the nat tables. Since the sslvpn is using a virtual interface, is there a way to define it as "ip nat inside"?

has anyone had any luck with sslvpn to hairpin?

Thanks,

Stan

Labels:
0 Helpful
1 Reply 1

didyap
Level 6
Level 6

‎03-02-2009 03:30 PM

Make sure that When you configure a tunnel default gateway, the VPN Concentrator forwards the tunnel-to-tunnel traffic to the tunnel default gateway. That device redirects the traffic back through the VPN Concentrator en route to its destination.

Redirecting traffic out the same interface that received it is sometimes called hairpinning. Some devices, such as the PIX Firewall, do not support hairpinning.

0 Helpful
Customers Also Viewed These Support Documents