ASA supports two same-security-traffic types. Their application scenarios are
1: different interfaces with the same security-level
2: traffic between the same interfaces: cisco is called IPSEC hairpinnig, which is mainly defined in ipsec vpn.
Description: ipsec vpn is not used for tunneling, or tunneling is not allowed. All traffic must be routed from the ASA.
2. There are two scenarios: a: one client (vpn) to the other client (vpn)
B: A client (vpn) is connected to the public Server, that is, the encrypted traffic is forwarded by the client to the ASA, And the unencrypted traffic is routed from the out interface to the public server.
For 2: the solution is same-security-traffic permit intra-interface
Ip local pool ippool 192.168.0.0 255.255.255.0 the address pool defined by IPSEC vpn:
Nat (outside) 1 192.168.0.0 255.255.255.0 ipsec vpn dial in again from the ASA outside Interface
Global (outside) 1 interface
At the same time, the Intranet of the original ASA needs to access the Internet.
Nat (inside) 1 10.1.1.0 255.255.255.0