Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 

Hairpin traffic on an ASA

Hairpinning traffic on a Firewall is usually a tricky situation since it usually results in a symmetric traffic crossing the ASA. The ASA will obviously drop asymmetric traffic since it is a stateful firewall. As a result we must either ensure that both sides of the traffic traverse the ASA or permit the asymmetric traffic:

Option 1: Permit the asymmetric traffic

Pro: Does not require translating addresses

Con: Reduces the security on flows that are hairpinned

26
Views
0
Helpful
0
Comments