05-15-2012 01:07 PM
I've got 3 sites. Site A is connected to both Site B and Site C via IPSEC tunnels (all devices are ASA5540). Site A also acts as a VPN concentrator for remote access users. I upgraded the ASA code at Site A from 8.2(5) to 8.2(5.26) per the Cisco advisory to deal with the SSL VPN Active-X RDP vulnerability. This update solved the issue with Active-X RDP, but now users who connect with AnyConnect to Site A cannot establish a connection to hosts in Site B or Site C. They can ping those hosts, but cannot connect to them using TCP (i.e. telnet, rdp, ftp, etc...).
So what changed with this minor code upgrade and how do I restore the ability of these remote users to utilize resources at the other sites? Has anybody else experienced this?
Thanks,
05-15-2012 03:15 PM
Hey.
I think you are hitting a bug:
AnyConnect hairpinning traffic fails. I don't remember the bug ID but I will provide it tomorrow.
05-16-2012 09:03 AM
TAC has confirmed that this is a bug (CSCty32412).
Thanks,
-jerry
05-16-2012 03:40 PM
Yes, CSCty32412 is the correct bug. To fix this bug, upgrade the ASA to 8.2(5.29), which is not available on the Cisco website. To get this code, please open a case with the Cisco TAC VPN team and ask them to publish this software for you.
Thanks,
Vishnu Sharma