Internet via VPN tunnel

bavo
Level 1

Hi, I have a question.

I hope one of you can help me.

My problem is that I want to use the internet via the VPN tunnel.

I have a VPN connection with my ASA 5505 at home.

I'm able to access all the inside devices, but I'm unable to access the internet.

Is it possible to use the internet via the internet connection I have at home?

I've played around with the following commands:

same-security-traffic permit intera-interface &

same-security-traffic permit intera-interface & split-tunnel-policy tunnelall

 

 

asa version: 9.1(2)

asdm version: 7.1(3)

 

Greetings

Palermo


nkarthikeyan
Level 7

Hi Palermo,

 

Yes, you can, but you have to do hairpinning on your ASA.

Also, a NAT rule should be given for (Outside,Outside) to permit the traffic from Outside to go out once again on the Outside path, which is a U-turn.

E.g., it should be something like this:

object network OBJ_VPN_Pool
 subnet 192.168.10.0 255.255.255.0
 nat (outside,outside) dynamic interface

 

HTH

 

Regards

Karthik

Hi nkarthikeyan

I've been looking into hairpinning as well. But all the explanations and screenshots are from older versions of ASDM. I cannot find the hairpin feature.

object network OBJ_VPN_Pool
 subnet 192.168.10.0 255.255.255.0
 nat (outside,outside) dynamic interface

So I'm trying to understand what you're showing:

I need to make an object of the "VPN IP DHCP range", in my case 192.168.1.100-110/24,

and then I should enter the NAT statement you gave me.

Is this correct?

Thanks in advance

 

 

 

Hi Palermo,

 

Yes. The VPN pool will be the source, and NAT is to be done for Outside to Outside as given, along with the same-security-traffic permit intra-interface which you mentioned in the original post.

So this will ensure the traffic comes in and goes out on the same interface.

 

It should work in the way we explained.

 

HTH

 

Regards

Karthik

You would also need to adjust the No NAT statement to be from any to the VPN pool IPs.

--

Please remember to select a correct answer and rate helpful posts


Hi MariusGunnerud

Is what you're telling me maybe the same thing as what nkarthikeyan is telling me?

I'm quite new to the ASA series from Cisco.

Mostly all things are done via ASDM. All the screenshots are from older versions of ASDM.

Cisco has changed a lot over the past few years.

Thanks in advance

 

Greetings

Palermo

You need to configure hairpinning for the RA VPN, and one part is done by using the command Karthik provided. The other is to allow traffic to make a U-turn on an interface (enter and then leave the same interface), which you have already mentioned in your original post. So here is my spin on the commands you need to use:

same-security-traffic permit intra-interface

object network RA_VPN
  range 192.168.1.100 192.168.1.110
  nat (outside,outside) dynamic interface


Hi Marius

Marius and nkarthikeyan

Thanks for helping me. It gives me a good grasp of the Cisco ASA tech. (not so easy :-)

I configured it like you said. The problem is that I need to configure everything via ASDM. Not handy.

The config looks like this:

object network RA_VPN
 range 192.168.1.100 192.168.1.110
object network obj_any
 nat (inside,outside) dynamic interface
object network RA_VPN
 nat (outside,outside) dynamic interface

and of course

same-security-traffic permit intra-interface

 

I'm not able to use the internet via the VPN tunnel.

Am I missing something?

I've added the complete config as an attachment.

P.S. It is not really necessary to have the VPN_Pool in the same subnet as the DHCP server for local interfaces. But if I change the subnet to a different range, I'm not able to access devices from the local subnet. I'm gonna solve that later.

 

From the client that is connected via VPN, are you able to ping 4.2.2.2?

If yes, if you issue an nslookup google.com, does the name resolve?

If not, then I think the following highlighted command is the problem:

group-policy Home-VPNSSL attributes
 wins-server none
 dns-server none
 vpn-tunnel-protocol ikev1 ikev2 l2tp-ipsec ssl-client

Try defining your DNS server here and then test.


Wow.

How cool is that. (or not)

It is exactly how you said it.

I'm able to ping 4.2.2.2 and 8.8.8.8.

But I'm not able to resolve google.com from the client via VPN.

So I'm now looking into configuring the DNS from the local internet provider.

I'll let you know.

Thanks

 

Hi Palermo,

Yeah. The DNS from the local service provider will give you the desired result. Open DNS server mapping will have latency and performance issues.

 

HTH

 

Regards

Karthik

Hi,

I've configured the DNS, but still no cigar.

I've configured the DNS in the following places:

group-policy Home-VPNSSL attributes
 wins-server none
 dns-server value 213.51.129.37
 vpn-tunnel-protocol ikev1 ikev2 l2tp-ipsec ssl-client

and

dns domain-lookup inside
dns server-group DefaultDNS
 name-server 213.51.129.37
 name-server 213.51.144.37
 domain-name ziggo.nl
same-security-traffic permit intra-interface

How far wrong can I be?

I've got the feeling that we are close.

Thanks in advance

 

 

 

 

 

Did you disconnect and then reconnect the VPN client? If not, please disconnect and reconnect and then test.


Marius,

The fact that I'm posting this message via internet over the VPN session says enough. :-)

I guess that I was a bit impatient.

After disconnecting and reconnecting, internet works via VPN.

I'm gonna clean up the configuration after a lot of testing and trying.

MariusGunnerud & nkarthikeyan & tbangia

Without you, I think I would never have got it working. I learned a lot today.

Thanks for your help. I really appreciate it.

Greetings

Palermo
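
The three pieces this thread ended up needing (the intra-interface permit, the (outside,outside) object NAT, and a DNS server in the group policy) can be checked against a saved running-config. The script below is an added example, not part of any post: the function names are hypothetical, the interface is assumed to be named outside, and the sample config is constructed from the snippets posted above.

```python
import re
from collections import defaultdict

def parse_blocks(config):
    """Group indented sub-commands under their column-0 parent line."""
    blocks, parent = defaultdict(list), None
    for line in config.splitlines():
        if not line.strip() or line.lstrip().startswith("!"):
            continue
        if line[0].isspace() and parent is not None:
            blocks[parent].append(line.strip())
        else:
            parent = line.strip()
            blocks[parent]  # register the parent even with no sub-commands
    return blocks

def audit_hairpin(config, group_policy, outside="outside"):
    """Return a list of findings; an empty list means all three pieces exist."""
    blocks = parse_blocks(config)
    findings = []
    if "same-security-traffic permit intra-interface" not in blocks:
        findings.append("same-security-traffic permit intra-interface missing")
    nat = f"nat ({outside},{outside}) dynamic interface"
    # 'show run' lists an object twice (definition, then NAT); blocks merges them.
    if not any(h.startswith("object network ") and nat in subs
               for h, subs in blocks.items()):
        findings.append(f"no object NAT ({outside},{outside}) for the VPN pool")
    gp = blocks.get(f"group-policy {group_policy} attributes", [])
    if not any(re.fullmatch(r"dns-server value \S+( \S+)?", s) for s in gp):
        findings.append(f"group-policy {group_policy} pushes no DNS server")
    return findings

# Constructed sample: the state where pings worked but names did not resolve.
BEFORE = """\
same-security-traffic permit intra-interface
object network RA_VPN
 range 192.168.1.100 192.168.1.110
object network obj_any
 nat (inside,outside) dynamic interface
object network RA_VPN
 nat (outside,outside) dynamic interface
group-policy Home-VPNSSL attributes
 wins-server none
 dns-server none
 vpn-tunnel-protocol ikev1 ikev2 l2tp-ipsec ssl-client
"""
AFTER = BEFORE.replace("dns-server none", "dns-server value 213.51.129.37")

if __name__ == "__main__":
    for name, cfg in (("before", BEFORE), ("after", AFTER)):
        print(name, audit_hairpin(cfg, "Home-VPNSSL") or "OK")
```

The check only reads the saved config; as the thread shows, a connected client still has to disconnect and reconnect before a changed group policy reaches it.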

 

NICE!

Glad you got it working, and thank you for the rating

 
