I'm running 8.0.4 on two ASAs in active/passive mode with client-to-site IPsec and SSL VPN tunneling active. This issue occurs whether I connect via IPsec or SSL VPN.
I have a variety of machines pointing to the ASAs as their default gateway, which work fine using RDP or any other type of connection from the VPN clients. Other servers point to a SonicWall firewall as their default gateway, which has a route to the ASAs for the network the VPN clients sit on.
The ICMP redirect seems to work correctly, as I see a route entry for the VPN client (pointing to the ASAs) in the route tables of the servers that use the SonicWalls as their default gateways.
From the VPN client, I can ping ALL servers but cannot connect via RDP or any other method to the server using the SonicWall. I fired up a sniffer and see an RST coming from the clients back to the server, and I'm not sure why. This is what Wireshark shows:
Acknowledgment number: Broken TCP. The acknowledge field is nonzero while the ACK flag is not set
Any ideas as to the cause?