Cisco ASA - VPN and Hairpinning....
- by Nordberg
Hi,
We have 2 sites that will be linked by a IPSEC VPN between 2 Cisco ASAs:
Site 1
8Mb ADSL Connection
Cisco ASA 505
Site 2
2Mb SDSL Connection
Cisco ASA 505
Basically, both sites need access to a service at the end of another IPSEC VPN, Site 3, which I plan to terminate at Site 2. This is due to the way the service is sold - it's billed per gateway. So if both Site 1 and Site 2 had their own VPN connection to Site 3, it would cost us twice as much...
Anyway, my idea is to have all traffic from Site 1 destined for Site 3 to go via the VPN between Site 1 and Site 2. The end result being all traffic that hits Site 3 has come via Site 2.
I understand this is known as hairpinning but I'm struggling to find a great deal of information on how this is setup. So, firstly, can anyone confirm that what I'm trying to achieve is possible and, secondly, can anyone point me in the direction of an example of such a configuration?
Many Thanks.