Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Create a new article
373
Views
0
Helpful
0
Comments

Hairpin traffic on an ASA

Magnus Mortensen
Cisco Employee
Cisco Employee

‎09-20-2010 06:35 PM - edited ‎03-08-2019 06:36 PM

Hairpinning traffic on a Firewall is usually a tricky situation since it usually results in a symmetric traffic crossing the ASA. The ASA will obviously drop asymmetric traffic since it is a stateful firewall. As a result we must either ensure that both sides of the traffic traverse the ASA or permit the asymmetric traffic:

Option 1: Permit the asymmetric traffic

Pro: Does not require translating addresses

Con: Reduces the security on flows that are hairpinned

Labels:
0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents