Hairpin VPN on OUTSIDE interface

cheery Tomato
Level 1

What I currently have is SSL Anyconnect VPN connections to the ASA which is working fine.

I want to tunnel all networks back through the ASA.

Any web connections will go to the ASA and hairpin back out the OUTSIDE interface to get web access.

I have a static route on the ASA for creating the VPN

route OUTSIDE 0.0.0.0 0.0.0.0 <PUBLIC_IP>

NAT exemption is in place for creating the VPN

nat (INSIDE,OUTSIDE) source static any any destination static VPN_POOL_OG VPN_POOL_OG

What I need is the configuration to create the VPN hairpin for internet traffic.

Any help is greatly appreciated.

Accepted Solutions

Hi Thomas,

You need the following:

1) same-security-traffic permit intra-interface

2) VPN pool = 192.168.3.0/24

object network obj-vpnpool
 subnet 192.168.3.0 255.255.255.0
 nat (outside,outside) dynamic interface
!

Please let me know

Rate any post you find helpful.
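
The accepted answer adapted to the interface name used in the question, with the checks to confirm the hairpin is working. This is an added example, not part of either post. The group policy name GP_ANYCONNECT is hypothetical, the pool subnet is the one the answer assumed, and the split-tunnel-policy line assumes tunnel-all is not already set.

```cisco
! Added example, not from the original posts.
! Assumptions: nameif is OUTSIDE (from the question), the AnyConnect pool is
! 192.168.3.0/24 (the value assumed in the answer), and the group policy
! name GP_ANYCONNECT is hypothetical.

! 1. Allow traffic to enter and leave the same interface (the hairpin itself).
same-security-traffic permit intra-interface

! 2. Tunnel all client traffic, so web traffic reaches the ASA in the first place.
group-policy GP_ANYCONNECT attributes
 split-tunnel-policy tunnelall

! 3. PAT the VPN pool to the OUTSIDE interface address on the way back out.
!    Without this, pool addresses leave the ASA untranslated and replies never return.
object network obj-vpnpool
 subnet 192.168.3.0 255.255.255.0
 nat (OUTSIDE,OUTSIDE) dynamic interface

! 4. Verify from privileged EXEC while a client is connected and browsing.
!    The intra-interface permit must be present in the running config.
show running-config same-security-traffic
!    The obj-vpnpool rule should show translate_hits increasing.
show nat detail
!    Active PAT entries should map pool addresses from OUTSIDE to OUTSIDE.
show xlate | include 192.168.3.
```

The existing (INSIDE,OUTSIDE) exemption from the question is unaffected, since it matches a different interface pair than the (OUTSIDE,OUTSIDE) rule.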

3 Replies

Javier, you legend.

Thanks very much.

Never had a straight answer so quickly.

Cheers.

I'm so happy to hear that!!

Thanks for your nice comments (5 stars), they are more valuable than any stars

Do not hesitate to count on us at any time.

Take care!!
