I know that historically the PIX has not allowed packets arriving on the inside interface to be routed back out the same interface. With v7.x, though, the command "same-security-traffic permit intra-interface" apparently allows hairpinning of encrypted traffic between different tunnels on a single physical interface. Is there an equivalent command in v7.x that will allow hairpinning of UN-encrypted traffic on the inside interface?
client from 172.16.10.0/24 tries to establish a TCP session with a server located in 172.22.1.0/24? The first SYN packet is routed to the server, then it answers with a SYN+ACK packet, which is transmitted to the inside ASA interface, which is used as the default gateway. The ASA finds that there is no record in the connection table associated with this session, and does not send the packet to the destination. What may be used as a workaround? Thanks
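The behaviour described in the post above, as an added illustration that is not part of the original thread: a simplified Python model of a stateful connection table, showing why a SYN+ACK is dropped when the firewall never saw the SYN. It is not the ASA's actual implementation, and the host addresses, ports and class names are constructed.

```python
from dataclasses import dataclass, field

@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    flags: str  # "SYN", "SYN+ACK" or "ACK"

@dataclass
class StatefulFirewall:
    # Key is always (client, client_port, server, server_port).
    conns: dict = field(default_factory=dict)

    def inspect(self, p: Packet) -> str:
        fwd = (p.src, p.sport, p.dst, p.dport)
        rev = (p.dst, p.dport, p.src, p.sport)
        if p.flags == "SYN":
            self.conns[fwd] = "SYN_SEEN"          # only a SYN creates an entry
            return "forward"
        if p.flags == "SYN+ACK" and self.conns.get(rev) == "SYN_SEEN":
            self.conns[rev] = "SYNACK_SEEN"
            return "forward"
        if p.flags == "ACK" and self.conns.get(fwd) in ("SYNACK_SEEN", "ESTABLISHED"):
            self.conns[fwd] = "ESTABLISHED"
            return "forward"
        return "drop"                             # no matching state for this packet

def handshake(client_path_via_firewall: bool) -> list:
    """Replay one TCP handshake; return (flags, verdict) for each packet the firewall sees."""
    fw = StatefulFirewall()
    client, server = "172.16.10.5", "172.22.1.10"  # constructed hosts in the post's subnets
    packets = [
        Packet(client, 40000, server, 80, "SYN"),
        Packet(server, 80, client, 40000, "SYN+ACK"),
        Packet(client, 40000, server, 80, "ACK"),
    ]
    seen = []
    for p in packets:
        if p.src == client and not client_path_via_firewall:
            continue              # client-to-server leg bypasses the firewall
        verdict = fw.inspect(p)
        seen.append((p.flags, verdict))
        if verdict == "drop":
            break                 # the handshake cannot complete
    return seen

if __name__ == "__main__":
    print("asymmetric:", handshake(False))
    print("symmetric: ", handshake(True))
```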
I have a similar issue and am wondering if this would solve it. I have a CSS on the DMZ and servers behind the CSS that are load balanced; all works fine. I have other servers behind the CSS that also need to get to the load balanced VIP. Can these servers exit the firewall and re-enter the firewall with the public address, which would then get them to the load balanced VIP?