Hi Folks,
This is one of those simple questions that I can't seem to find the answer to in Cisco's docs (terminology problems perhaps). What I need to do is have my remote colleagues be able to connect via VPN and then go out to the Internet looking like they're coming from the address of the router/firewall appliance itself (something that's apparently impossible with our current PIX 501s).
This is what's called hairpinning, right?
At any rate, we have clients who give us access to servers behind their firewalls, but I need people who aren't physically on the subnet that's been granted access to appear to be on it (and I'm envisioning this happening via a VPN client connection so we're not creating a huge security hole).
So, is this possible at the low end of the ASA line? Do I need some other piece of gear entirely?
Thanks for any help you can give me.
John Craig
Alpha-G Consulting, LLC
This is one of those simple questions that I can't seem to find the answer to in Cisco's docs (terminology problems perhaps). What I need to do is have my remote colleagues be able to connect via VPN and then go out to the Internet looking like they're coming from the address of the router/firewall appliance itself (something that's apparently impossible with our current PIX 501s).
This is what's called hairpinning, right?
At any rate, we have clients who give us access to servers behind their firewalls, but I need people who aren't physically on the subnet that's been granted access to appear to be on it (and I'm envisioning this happening via a VPN client connection so we're not creating a huge security hole).
So, is this possible at the low end of the ASA line? Do I need some other piece of gear entirely?
Thanks for any help you can give me.
John Craig
Alpha-G Consulting, LLC