AnyConnect Hairpin to WAN outside


(Kenneth Borup A) #1

Hi Everyone

Been having some problems getting a NAT statement to work, and hope there is anyone who can help me.

The basic idea is that I need to be able to redirect the VPN connection out through the Cisco ASA 5506-X unit, so that the client's WAN address gets translated to the OUTSIDE WAN link on the Cisco ASA unit.

So far it's working. When I connect to the VPN, the WAN address changes to the Outside IP and I can access a webserver that needs the right address to work.

The strange thing is that if I enable the rule, all normal NAT / ACL from normal Outside to Inside for a webserver on the client's inside stops working!

So right now I can choose between having hairpin or having access to servers from the outside.

Here are the NAT rules I created.

Hairpin:

nat (outside,outside) source dynamic NETWORK_OBJ_INTERNALVPNPOOL interface

NAT rule for server + ACL allowing traffic from outside to inside:

nat (DMZ,outside) static interface net-to-net no-proxy-arp service tcp http http

Any ideas?


(Rene Molenaar) #2

Hi Kenneth,

If you try a packet-tracer for the traffic from the outside to the webserver, does it tell you anything about why the traffic is dropped?

Rene