cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1706
Views
0
Helpful
3
Replies

ASA 8.2(5) to 8.2(5.26) upgrade breaks VPN hairpinning?

JERRY VANCORBACH
Beginner
Beginner

I've got 3 sites.  Site A is connected to both Site B and Site C via IPSEC tunnels (all devices are ASA5540).  Site A also acts as a VPN concentrator for remote access users.  I upgraded the ASA code at Site A from 8.2(5) to 8.2(5.26) per the Cisco advisory to deal with the SSL VPN Active-X RDP vulnerability.  This update solved the issue with Active-X RDP, but, now users who connect with AnyConnect to Site A can not establish a connection to hosts in Site B or Site C.  They can Ping those hosts, but cannot connect to them using TCP (i.e. telent, rdp, ftp, etc...). 

So what changed with this minor code upgrade and how to I restore the ability of these remote users utilize resources at the other sites?  Has anybody else experienced this?

Thanks,

1 Accepted Solution

Accepted Solutions

Mohammad Alhyari
Cisco Employee
Cisco Employee

Hey.

I think you are hitting a bug

anyconnect hairpinning traffic fails . I don't remember the bug id but i will provide it tomorrow.

View solution in original post

3 Replies 3

Mohammad Alhyari
Cisco Employee
Cisco Employee

Hey.

I think you are hitting a bug

anyconnect hairpinning traffic fails . I don't remember the bug id but i will provide it tomorrow.

JERRY VANCORBACH
Beginner
Beginner


TAC has confirmed that this is a bug (CSCty32412).

Thanks,

-jerry

Yes CSCty32412 is the correct bug. To fix this bug, upgrade the ASA to 8.2(5.29) which is not available on cisco website. To get this code, please open a case with Cisco TAC VPN team and ask them to publish this software for you.

Thanks,

Vishnu Sharma

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: