ASA 8.2(5) to 8.2(5.26) upgrade breaks VPN hairpinning?

Answered Question
May 15th, 2012

I've got 3 sites. Site A is connected to both Site B and Site C via IPSEC tunnels (all devices are ASA5540). Site A also acts as a VPN concentrator for remote access users. I upgraded the ASA code at Site A from 8.2(5) to 8.2(5.26) per the Cisco advisory to deal with the SSL VPN Active-X RDP vulnerability. This update solved the issue with Active-X RDP, but now users who connect with AnyConnect to Site A cannot establish a connection to hosts in Site B or Site C. They can ping those hosts, but cannot connect to them using TCP (i.e. telnet, rdp, ftp, etc...).

So what changed with this minor code upgrade, and how do I restore the ability of these remote users to utilize resources at the other sites? Has anybody else experienced this?

Thanks,

Correct Answer
malhyari Tue, 05/15/2012 - 15:15

Hey.

I think you are hitting a bug:

AnyConnect hairpinning traffic fails. I don't remember the bug ID, but I will provide it tomorrow.

vishnsha Wed, 05/16/2012 - 15:40

Yes, CSCty32412 is the correct bug. To fix this bug, upgrade the ASA to 8.2(5.29), which is not available on the Cisco website. To get this code, please open a case with the Cisco TAC VPN team and ask them to publish this software for you.

Thanks,

Vishnu Sharma

This Discussion

Posted May 15, 2012 at 1:07 PM