
VPN-client to VPN-client traffic

ccreacoon
Level 1

Hi,

I'm trying to configure an ASA so it allows 2 VPN clients (on the same subnet) to SSH to each other (or any other IP traffic).
What is the best way to accomplish this?

Best regards,

Tom

1 Reply

Hi Tom,

To accomplish this you will need a u-turn configuration: when the packets from the VPN client ingress on the outside interface, they won't try to find the destination on the inside interface. Therefore we will need to define this:

1. This command will enable U-turning on the ASA:

ip local pool VPN_Client_IPs 192.168.11.1-192.168.11.254 mask 255.255.255.0

- ciscoasa(config)# same-security-traffic permit intra-interface

2. Then we will define a NAT 0 statement on the outside, for example:

8.3 NAT:

object network obj-192.168.11.0
 subnet 192.168.11.0 255.255.255.0

nat (outside,outside) 1 source static obj-192.168.11.0 obj-192.168.11.0 destination static obj-192.168.11.0 obj-192.168.11.0 no-proxy-arp route-lookup

This is an explicit example on ASAs, you can follow this logic.

What do you have on your network as the VPN server?

What type of VPN software are you using?

Let me know if this works for you.

Please don't forget to rate,

Best Regards,

David Castro,
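A fuller version of the hairpin setup, added here as an example and not part of David's reply or Cisco documentation: it puts the two steps above together with the split-tunnel piece that is usually the missing link (if the group policy split-tunnels, the client pool itself must be in the split-tunnel list, or client A never sends client B's traffic into the tunnel at all) and ends with a packet-tracer check. The group-policy name VPN_GP, the ACL name SPLIT_TUNNEL and the inside network 10.0.0.0/24 are assumed values; the pool and object names follow the reply.

```cisco
! --- Added example (not the reply's own config); names VPN_GP, SPLIT_TUNNEL and 10.0.0.0/24 are assumed ---

! 1. Let traffic that arrives on outside leave on outside again (u-turn / hairpin)
same-security-traffic permit intra-interface

! Address pool handed to remote-access VPN clients (same /24 as in the reply)
ip local pool VPN_Client_IPs 192.168.11.1-192.168.11.254 mask 255.255.255.0

! 2. Identity NAT (8.3+ syntax): client-to-client packets keep their real addresses.
!    no-proxy-arp stops the ASA answering ARP for the pool; route-lookup makes the egress
!    interface come from the routing table rather than the NAT statement.
object network obj-192.168.11.0
 subnet 192.168.11.0 255.255.255.0
nat (outside,outside) 1 source static obj-192.168.11.0 obj-192.168.11.0 destination static obj-192.168.11.0 obj-192.168.11.0 no-proxy-arp route-lookup

! 3. Split tunnelling: the pool subnet must be in the list, otherwise the client's own
!    routing sends 192.168.11.x traffic out its local LAN interface and it never reaches the ASA.
access-list SPLIT_TUNNEL standard permit 192.168.11.0 255.255.255.0
access-list SPLIT_TUNNEL standard permit 10.0.0.0 255.255.255.0
group-policy VPN_GP internal
group-policy VPN_GP attributes
 split-tunnel-policy tunnelspecified
 split-tunnel-network-list value SPLIT_TUNNEL

! 4. Verify: simulate an SSH packet from one connected client to another arriving on outside.
!    The trace should end with "Action: allow" and show the outside,outside NAT rule being hit.
packet-tracer input outside tcp 192.168.11.10 40000 192.168.11.20 22
show nat detail
```

On a pre-8.3 image the NAT exemption is written instead as an ACL matching the pool to itself applied with nat (outside) 0 access-list; the same-security-traffic and split-tunnel parts are unchanged. Note that this also lets every client reach every other client for any protocol, so if only SSH between specific hosts is wanted, a vpn-filter ACL on the group policy is the place to narrow it.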