FWSM Firewall Context "Flow is a loopback" Conundrum
Trying to get a remote VPN user to connect to a server and it is failing with the following error:
%ASA-6-302014: Teardown TCP connection 101118575 for outside:10.48.2.74/4945 to outside:10.45.72.68/3622 duration 0:00:00 bytes 0 Flow is a loopback
I understand the connection is trying to exit on the same interface it is arriving on. The connection is over VPN and traverses across the firewall to terminate on a server where it is assigned its address from a dedicated DHCP pool. Connectivity then comes back through the firewall to get back to the network. The default route sends traffic back out of the same interface and in the large majority of cases communication is successful. In this instance I get the error above.
I have permitted the "same-security-traffic permit intra-interface" command but this does not work. We are routing the traffic and not natting it. Traffic exiting to internet through the same path works for the users but to this specific server it does not work. I am lost as to why. I could create a dedicated interface and route traffic to this specific server subnet over this but that does not resolve the issue.
Any advice out there is appreciated. I cannot post full config but will post what I can. Routes are normal and overall working.
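As an added example (not part of the original post), a small Python parser for the `%ASA-6-302014` teardown message quoted above: it extracts both interface names, flags teardowns where the flow arrives and leaves on the same interface, and tallies the "Flow is a loopback" events per destination so the affected server stands out in a syslog feed. The sample log lines are constructed for the example.

```python
import re

# Constructed sample syslog lines modelled on the message quoted in the post
# (the second line is a normal teardown, included as a negative case).
SAMPLE_LOGS = [
    "%ASA-6-302014: Teardown TCP connection 101118575 for outside:10.48.2.74/4945 "
    "to outside:10.45.72.68/3622 duration 0:00:00 bytes 0 Flow is a loopback",
    "%ASA-6-302014: Teardown TCP connection 101118600 for inside:10.1.1.5/51000 "
    "to outside:203.0.113.10/443 duration 0:01:12 bytes 4096 TCP FINs",
    "%ASA-6-302014: Teardown TCP connection 101118611 for outside:10.48.2.74/4950 "
    "to outside:10.45.72.68/3622 duration 0:00:00 bytes 0 Flow is a loopback",
]

# Field layout of the 302014 teardown message: ingress iface:ip/port, egress
# iface:ip/port, duration, byte count and the free-text teardown reason.
TEARDOWN_RE = re.compile(
    r"%ASA-6-302014: Teardown TCP connection (?P<conn>\d+) for "
    r"(?P<src_if>[\w-]+):(?P<src_ip>[\d.]+)/(?P<src_port>\d+) to "
    r"(?P<dst_if>[\w-]+):(?P<dst_ip>[\d.]+)/(?P<dst_port>\d+) "
    r"duration (?P<duration>[\d:]+) bytes (?P<bytes>\d+) (?P<reason>.+)$"
)


def parse_teardown(line):
    """Parse one teardown line into a dict, or return None if it is not a 302014 message."""
    m = TEARDOWN_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    # A hairpin flow enters and exits on the same interface.
    rec["hairpin"] = rec["src_if"] == rec["dst_if"]
    return rec


def find_loopback_flows(lines):
    """Return only the teardowns the firewall dropped as 'Flow is a loopback'."""
    hits = []
    for line in lines:
        rec = parse_teardown(line)
        if rec and rec["reason"] == "Flow is a loopback":
            hits.append(rec)
    return hits


def summarize(hits):
    """Count loopback teardowns per (ingress interface, destination ip, destination port)."""
    counts = {}
    for h in hits:
        key = (h["src_if"], h["dst_ip"], h["dst_port"])
        counts[key] = counts.get(key, 0) + 1
    return counts
```

Feeding a day's worth of 302014 lines through `summarize(find_loopback_flows(...))` shows whether the loopback drops are confined to one server, as in the post, or spread across the interface.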