I have successfully configured hairpinning on two ASA 5505s and an ASA 5510. The 5510 is the central site actually doing the hairpinning.
My current frustration is that the hairpinning only appears to work when have interesting traffic coming from both sides of the equation.
An example:
Hub ASA is 10.20.0.1
Spoke 1 ASA is 10.101.0.1
Spoke 2 ASA is 10.131.0.1
I have an existing VPN tunnel between each site (101-20 and 131-20) with traffic flowing over that tunnel.
After configuring hairpinning if I send interesting traffic from site 101 to site 20 destined for site 131 a second tunnel is formed at site 101, but the traffic does not arrive at 131. In order for traffic to arrive at 131 I must send interesting traffic from site 131 to site 20 destined for site 101.
Is this proper functionality of hairpinning? It would be much more desireable for me for interesting traffic required in only one direction to build out the entire tunnel.
Richard
My current frustration is that the hairpinning only appears to work when have interesting traffic coming from both sides of the equation.
An example:
Hub ASA is 10.20.0.1
Spoke 1 ASA is 10.101.0.1
Spoke 2 ASA is 10.131.0.1
I have an existing VPN tunnel between each site (101-20 and 131-20) with traffic flowing over that tunnel.
After configuring hairpinning if I send interesting traffic from site 101 to site 20 destined for site 131 a second tunnel is formed at site 101, but the traffic does not arrive at 131. In order for traffic to arrive at 131 I must send interesting traffic from site 131 to site 20 destined for site 101.
Is this proper functionality of hairpinning? It would be much more desireable for me for interesting traffic required in only one direction to build out the entire tunnel.
Richard