Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

ASA hairpinning F5 SSL VPN traffic?

Hi, we are having some problems related to hairpinning traffic through the ASA. With the PIX as I understood this was impossible, but with the ASA I understand this is possible. Below is the link I used to configure this. http://www.cisco.com/en/US/products/ps6120/products_tech_note09186a0080734db7.shtml The problem is though that it still doesn't work. The situation is we have an F5 SSL VPN solution inside the network. The SSL VPN concentrator NATs from the outside via a static, to a 192.168.40.X address on the inside interface (192.168.40.1/24). The SSL VPN clients are assigned an address off of a virtual subnet 192.168.45.0. The clients CAN access the internet, and other sites, but cannot access local devices on the 192.168.40.x network. They CAN ping, but cannot get any TCP traffic to flow. We have a ACL on the inside interface permitting ANY traffic. Do you have any ideas? I was thinking it may be best just to insert a router and make it the default gateway on the subnet instead of the ASA. Any recommendations would be much appreciated.

Thanks!

Aaron

1 REPLY
Silver

Re: ASA hairpinning F5 SSL VPN traffic?

The issue may be with the MTU size of the link. If the amount of packets larger than the MTU try to use traffic shaping.

446
Views
0
Helpful
1
Replies