10-19-2006 01:19 PM - edited 02-21-2020 01:15 AM
I know that historically the Pix has not allowed packets arriving on the inside interface to be routed back out the same interface. With v7.x, though, the command "same-security-traffic permit intra-interface" apparently allows hairpinning of encrypted traffic between different tunnels on a single physical interface. Is there an equivalent command in v7.x that will allow hairpinning of UN-encrypted traffic on the inside interface?
10-19-2006 01:47 PM
This is an example of intra-interface communication without VPN. See if it helps:
http://www.cisco.com/en/US/products/ps6120/products_tech_note09186a0080734db7.shtml
HTH
AK
10-20-2006 05:04 AM
Ah, so with v7.2 the "same-security-traffic" command DOES support this... I'll have to check that out. Thanks.
-Mat
10-20-2006 08:41 AM
Based on the 7.2 doc, it's pointing to that direction. Hope it suit your requiremnt, as most of the docs are on inter-interface/ intra-interface related to vpn.
Pls rate all helpful posts.
rgds,
AK
10-23-2006 10:27 PM
And what happens when (using netw. map from http://www.cisco.com/en/US/products/ps6120/products_tech_note09186a0080734db7.shtml)
client from 172.16.10.0/24 tries to establish tcp session with a server located in 172.22.1.0/24? The first SYN packet is routed to server, then it answers with SYN+ACK packet, which is tranmitted to inside ASA interface, which is used as default gateway. ASA finds that in connection table are no record associated with this session, and does not send the packet to the destination. What may be used as a workaround? Thanks
01-19-2007 11:17 AM
I have a similar issue and wondering if this would solve it. I have a CSS on DMZ and servers behind CSS that are load balanced all works fine. I have other servers server behind CSS that also need to get to the load balanced VIP. Can these servers exit the firewall and re-enter the firewall with the public address which would then get them to load balanced VIP
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide