I've got 3 sites. Site A is connected to both Site B and Site C via IPsec tunnels (all devices are ASA5540). Site A also acts as a VPN concentrator for remote access users. I upgraded the ASA code at Site A from 8.2(5) to 8.2(5.26) per the Cisco advisory to deal with the SSL VPN Active-X RDP vulnerability. This update solved the issue with Active-X RDP, but now users who connect with AnyConnect to Site A cannot establish a connection to hosts in Site B or Site C. They can ping those hosts, but cannot connect to them using TCP (i.e. telnet, rdp, ftp, etc.).
So what changed with this minor code upgrade, and how do I restore the ability of these remote users to utilize resources at the other sites? Has anybody else experienced this?
Yes, CSCty32412 is the correct bug. To fix this bug, upgrade the ASA to 8.2(5.29), which is not available on the Cisco website. To get this code, please open a case with the Cisco TAC VPN team and ask them to publish this software for you.