ASA EasyVPN Hairpinning
Posted on 2008-10-07
I like to connect a number of asa5505 to a central asa5510 using easyvpn. There is no problem with vpn-tunnels since the local offices are connected and traffic is passing through the tunnels (internet browsing is ok).
My problem is that since the tunnels are terminated at the same interface, i can't figure out if there shall be same nat rules to permit traffic between the 2 sites.. and if it shall, how will they look?
firewall A has 192.168.15.0/24 as inside network and is attached to firewall C at interface 172.28.3.254
firewall B has 192.168.16.0/24 as inside network and is attached to firewall C at interface 172.28.3.254
I like to be able to ping 192.168.15.100 ( or any other adress at that net) from 192.168.16.0/24 and reverse
I have used the: "same-security-traffic permit intra-interface" command and local offices are in "network extension mode" but still no success..