How to configure the hairpinning feature on the PIX/ASA
PIX/ASA version 7.0 and later introduce a feature that allows the PIX to support hairpinning in a VPN environment.
When the PIX/ASA is the hub in a VPN environment, this feature supports spoke-to-spoke VPN communications because it allows encrypted traffic to enter and leave the same interface. If the traffic is unencrypted, it is dropped.
To configure this, issue the same-security-traffic permit intra-interface command.
Note: All traffic allowed by the permit intra-interface command is still subject to all firewall rules. Be very careful not to create an asymmetric routing condition that causes return traffic to bypass the firewall.
If you must use the ASA as the default gateway for directly connected hosts, create a PAT rule to translate the traffic to the IP address of the interface before you send it to the next-hop router on the same subnet.
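The following configuration fragment is an added example, not part of the original article. It shows the command and the PAT rule described above in the nat/global syntax used by 7.x releases (NAT syntax changed in 8.3). The interface name inside, the addresses 192.168.10.0/24 and 10.20.0.0/16, and the next-hop router 192.168.10.254 are constructed values.

```cisco
! Constructed values: interface "inside" = 192.168.10.1/24,
! next-hop router = 192.168.10.254, remote network = 10.20.0.0/16.

! Allow traffic to enter and leave the same interface.
same-security-traffic permit intra-interface

! The ASA is the default gateway for hosts on 192.168.10.0/24, and
! 10.20.0.0/16 is reached through a router on that same subnet.
route inside 10.20.0.0 255.255.0.0 192.168.10.254

! PAT the hosts to the inside interface address when their traffic is
! sent back out of inside. The router then replies to the ASA rather than
! directly to the host, so return traffic still traverses the firewall
! and no asymmetric routing condition is created.
nat (inside) 1 192.168.10.0 255.255.255.0
global (inside) 1 interface

! Verify the setting and the resulting translations:
!   show running-config same-security-traffic
!   show xlate
```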