Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
453
Views
0
Helpful
2
Replies

Trouble with hairpinning

James Dykes
Level 1
Level 1

‎11-20-2012 09:10 PM - edited ‎03-11-2019 05:25 PM

I am trying to set up a hairpinning configuration for a client, wherein they have hardcoded their external IP address in their application for SQL access. From one of their servers the hairpinning works somewhat - a connection is established, but there are FIN ACK timeouts trying to close the connection. From other servers, I'm not even able to get that far - the connection gets a SYN timeout.

My config is attached with the externals redacted. What am I missing?

Labels:
138719-athenafirewall.txt.zip
0 Helpful
2 Replies 2

lcambron
Level 3
Level 3

‎11-21-2012 09:37 AM

James,

We need more information about the packet flow.

What are the source and destination addresses, is the connection coming from inside and destined to the inside as well?

Regards,

Felipe.

0 Helpful

n_schloemer
Level 1
Level 1

‎11-21-2012 11:26 AM

James,

Have you created a tcp-state-bypass policy-map which matches your traffic flows?  We had a similar issue with load-balanced edge Lync servers and saw similar TCP debug returns.  Below is some information you may want to look at.

http://www.cisco.com/en/US/docs/security/asa/asa82/configuration/guide/conns_tcpstatebypass.pdf

Thanks,

Nick

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card