05-15-2012 01:07 PM
I've got 3 sites. Site A is connected to both Site B and Site C via IPSEC tunnels (all devices are ASA5540). Site A also acts as a VPN concentrator for remote access users. I upgraded the ASA code at Site A from 8.2(5) to 8.2(5.26) per the Cisco advisory to deal with the SSL VPN Active-X RDP vulnerability. This update solved the issue with Active-X RDP, but now users who connect with AnyConnect to Site A cannot establish a connection to hosts in Site B or Site C. They can ping those hosts, but cannot connect to them using TCP (i.e. telnet, rdp, ftp, etc.).
So what changed with this minor code upgrade, and how do I restore the ability of these remote users to utilize resources at the other sites? Has anybody else experienced this?
Thanks,
05-15-2012 03:15 PM
Hey.
I think you are hitting a bug: AnyConnect hairpinning traffic fails. I don't remember the bug ID, but I will provide it tomorrow.
05-16-2012 09:03 AM
TAC has confirmed that this is a bug (CSCty32412).
Thanks,
-jerry
05-16-2012 03:40 PM
Yes, CSCty32412 is the correct bug. To fix this bug, upgrade the ASA to 8.2(5.29), which is not available on the Cisco website. To get this code, please open a case with the Cisco TAC VPN team and ask them to publish this software for you.
Thanks,
Vishnu Sharma