Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
315
Views
1
Helpful
3
Replies

VPN hairping with source NAT ASA

Richard Tapp
Level 1
Level 1

‎02-08-2024 08:46 AM

We have an ASA in AWS and it has 2 VPNs, 1 to AWS (subnet A) and 1 to Azure (Subnet B)

All traffic from the ASA to subnet B is source NAT'ed, so we never have to change or add subnets when going to subnet B.

Subnet Z is on the inside interface of the ASA. Subnet Z to subnet A works and subnet Z to subnet B works.

We are trying to get from Subnet A to subnet B. I have done an outside/outside NAT with the src NAT set as well.

Subnet B is also set as a local network on the ASA to AWS VPN, but if I look at the tunnel details on ASDM when trying to connect from subnet A to subnet B, I dont see the flow being built.

AWS side has routes to subnet B in both the VPC and tunnel and the all the required subnets are covered by the tunnel details on AWS

We do other hairpinning from Anyconnect to subnet A and subnet B, so we know hairpinning is OK in general.

I just can't figure out what is missing to get from subnet A to subnet B

RichardTapp_1-1707410722464.png

RichardTapp_0-1707410240027.png

 

Labels:
0 Helpful
3 Replies 3

MHM Cisco World
VIP
VIP

‎02-08-2024 09:22 AM

As I know you already solve this issue yesterday.

This new or update to last issue ?

Thanks 

MHM

0 Helpful

Richard Tapp
Level 1
Level 1
In response to MHM Cisco World

‎02-09-2024 01:13 AM

This is a different issue

MHM Cisco World
VIP
VIP
In response to Richard Tapp

‎02-09-2024 01:43 AM - edited ‎02-09-2024 01:44 AM

hope this note help you in your issue 

RichardTapp_0-1707410240027.png

0 Helpful
Customers Also Viewed These Support Documents