Hair-pin traffic on the ASA FTD / FMC

JMCNEL
Level 4

Remote site router ==> IPsec tunnel ==> 5555x FTD / FMC (ASA headend)

 

I see ALL event details of traffic (local and web traffic) that is crossing the IPsec tunnel in the CLI of the ASA FTD, but I only see local traffic in the FMC. I do not see any 80 or 443 event details in the FMC.

 

The ASA FTD has a NAT rule to U-turn internet traffic (outside to outside).

We do see translation and traffic going out of the ASA outside interface. When this is not through traffic, do we expect FIREPOWER / ASA FTD to create an event on the FMC dashboard? We don't see it in the FMC, only in the CLI.

 

Any input would be greatly appreciated.

1 Reply

Marvin Rhoads
Hall of Fame

Good question. I just checked one of mine and confirm I also do NOT see connection events for VPN users.

I'm thinking we may need to add an explicit allow ACP rule for Outside-Outside traffic with logging enabled.

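What the reply suggests, rendered in classic ASA CLI syntax as an added example (this is not configuration posted by either participant; on FTD the rules are built in the FMC access control policy and the FTD CLI only shows the pushed result). The REMOTE-SITE-LAN prefix and the ACL name OUTSIDE_IN are assumptions chosen for the example.

```cisco
! Required for the outside-to-outside U-turn: let traffic enter and leave the same interface
same-security-traffic permit intra-interface

! Remote-site LAN that arrives over the IPsec tunnel (hypothetical prefix)
object network REMOTE-SITE-LAN
 subnet 10.10.10.0 255.255.255.0

! Hairpin NAT: remote-site internet traffic re-enters and leaves "outside",
! PAT'd to the outside interface address
nat (outside,outside) source dynamic REMOTE-SITE-LAN interface

! Explicit permit for the U-turned web traffic, with logging, so each
! connection is recorded rather than silently allowed
access-list OUTSIDE_IN extended permit tcp object REMOTE-SITE-LAN any eq 80 log
access-list OUTSIDE_IN extended permit tcp object REMOTE-SITE-LAN any eq 443 log
access-group OUTSIDE_IN in interface outside
```

Two checks before expecting events: `show nat detail` should show translate_hits climbing on the (outside,outside) rule, and `show conn` should list the hairpinned sessions. Also check whether decrypted VPN traffic is bypassing the access rules: on ASA, `sysopt connection permit-vpn` (enabled by default) exempts VPN-decrypted traffic from interface ACLs, and FTD exposes the same behaviour in the site-to-site VPN topology as an option to bypass the access control policy for decrypted traffic. If that bypass is in effect, the access control rule (and its logging) is never evaluated for the tunnel traffic, so no connection events would be produced for it.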