We have 2 sites that will be linked by an IPSEC VPN between 2 Cisco ASAs:
Site 1 8Mb ADSL Connection Cisco ASA 505
Site 2 2Mb SDSL Connection Cisco ASA 505
Basically, both sites need access to a service at the end of another IPSEC VPN, Site 3, which I plan to terminate at Site 2. This is due to the way the service is sold - it's billed per gateway. So if both Site 1 and Site 2 had their own VPN connection to Site 3, it would cost us twice as much... Anyway, my idea is to have all traffic from Site 1 destined for Site 3 to go via the VPN between Site 1 and Site 2. The end result being all traffic that hits Site 3 has come via Site 2.
I understand this is known as hairpinning, but I'm struggling to find a great deal of information on how this is set up. So, firstly, can anyone confirm that what I'm trying to achieve is possible and, secondly, can anyone point me in the direction of an example of such a configuration?
Many Thanks.
Take a look at this page. It provides a good example of what you want to do. As described at the end of the Background Information part, the interesting command is same-security-traffic, so that you can allow site1 to exchange data with site3.
There is another example here (a bit clearer, maybe).
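A sketch of the hairpin described in this thread, added here as an example; it is not taken from the posts above or from the pages they link to. The subnets (Site 1 = 10.1.1.0/24, Site 2 = 10.2.2.0/24, Site 3 = 10.3.3.0/24), the ACL names and the crypto map name are constructed, and the existing IKE policies, tunnel-groups, peers and transform-sets are assumed to be in place already.

```cisco
! ---- Site 2 ASA (hub): both tunnels terminate on the "outside" interface ----
! Permit traffic to enter and leave the same interface. Without this the
! ASA drops Site 1 <-> Site 3 packets instead of re-encrypting them.
same-security-traffic permit intra-interface
!
! Tunnel to Site 1: local side is the Site 2 LAN plus the Site 3 network.
access-list VPN_TO_SITE1 extended permit ip 10.2.2.0 255.255.255.0 10.1.1.0 255.255.255.0
access-list VPN_TO_SITE1 extended permit ip 10.3.3.0 255.255.255.0 10.1.1.0 255.255.255.0
!
! Tunnel to Site 3: local side is the Site 2 LAN plus the Site 1 LAN.
access-list VPN_TO_SITE3 extended permit ip 10.2.2.0 255.255.255.0 10.3.3.0 255.255.255.0
access-list VPN_TO_SITE3 extended permit ip 10.1.1.0 255.255.255.0 10.3.3.0 255.255.255.0
!
! Constructed sequence numbers; reuse the entries that already exist.
crypto map OUTSIDE_MAP 10 match address VPN_TO_SITE1
crypto map OUTSIDE_MAP 20 match address VPN_TO_SITE3
!
! ---- Site 1 ASA (spoke): single tunnel to Site 2 ----
! Traffic for Site 3 is sent into the Site 2 tunnel as well.
access-list VPN_TO_SITE2 extended permit ip 10.1.1.0 255.255.255.0 10.2.2.0 255.255.255.0
access-list VPN_TO_SITE2 extended permit ip 10.1.1.0 255.255.255.0 10.3.3.0 255.255.255.0
crypto map OUTSIDE_MAP 10 match address VPN_TO_SITE2
!
! Also required, not shown:
!  - Site 1's NAT exemption must cover 10.1.1.0/24 -> 10.3.3.0/24.
!  - Site 3's crypto ACL must mirror VPN_TO_SITE3, i.e. it has to list
!    10.1.1.0/24 as a remote network, or the Site 1 flow will not get an SA.
```

On the Site 2 ASA, `show crypto ipsec sa` should list a security association for the 10.1.1.0/24 and 10.3.3.0/24 pair under both peers once traffic flows. Narrowing the Site 3 entries to the service's actual addresses limits what each site can reach through the hub.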