Without getting in to all of the gory details of the network set up and the reasons behind it all, I need to configure hairpinning between 2 Cisco ASA's running 8.4(3) at different locations. I've found several config examples but for all of them, it's site-to-site VPN's working with VPN clients and the clients needing access to that spoke, remote network. My setup is for outside requests to what we'll call the main site, 10.0.1.1. If a person makes a http or https request to my main site, the ASA there and the hairpinning configurations will recognize the request, and forward the packet on to 220.127.116.11, my 2nd site, and that ASA is accepting (already set up and working) http and https requests from anywhere.
Like I mentioned, I've found numerous examples of doing hair pinning between site to site VPNs and VPN clients, all inside authenticated connections, but this one has a different configuration of course. I'm not caring if anyone is authenticated. I'm not caring who you are (unless you are trying to break in!)
Does anyone have anything like this in use, or know where I can find a configuration example to go forward with?
Here's a configuration example I was trying.
same-security-traffic permit intra-interface
object network obj_10.0.1.1
subnet 10.0.1.1 255.255.255.255
object network obj_10.0.2.2
subnet 10.0.2.2 255.255.255.255
source static OBJ-10.0.1.1 OBJ-10.0.1.1 destination static OBJ-10.0.2.2 OBJ-10.0.2.2
I've also found to add a an ACL from config examples to allow http and https to not get dropped at the main site.
I do appreciate any help. Thank you.
Couple links I've been working from to get this working.