Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

ASA 8.2(5) to 8.2(5.26) upgrade breaks VPN hairpinning?

I've got 3 sites.  Site A is connected to both Site B and Site C via IPSEC tunnels (all devices are ASA5540).  Site A also acts as a VPN concentrator for remote access users.  I upgraded the ASA code at Site A from 8.2(5) to 8.2(5.26) per the Cisco advisory to deal with the SSL VPN Active-X RDP vulnerability.  This update solved the issue with Active-X RDP, but, now users who connect with AnyConnect to Site A can not establish a connection to hosts in Site B or Site C.  They can Ping those hosts, but cannot connect to them using TCP (i.e. telent, rdp, ftp, etc...). 

So what changed with this minor code upgrade and how to I restore the ability of these remote users utilize resources at the other sites?  Has anybody else experienced this?

Thanks,

1 ACCEPTED SOLUTION

Accepted Solutions
Cisco Employee

Re:ASA 8.2(5) to 8.2(5.26) upgrade breaks VPN hairpinning?

Hey.

I think you are hitting a bug

anyconnect hairpinning traffic fails . I don't remember the bug id but i will provide it tomorrow.

3 REPLIES
Cisco Employee

Re:ASA 8.2(5) to 8.2(5.26) upgrade breaks VPN hairpinning?

Hey.

I think you are hitting a bug

anyconnect hairpinning traffic fails . I don't remember the bug id but i will provide it tomorrow.

New Member

ASA 8.2(5) to 8.2(5.26) upgrade breaks VPN hairpinning?


TAC has confirmed that this is a bug (CSCty32412).

Thanks,

-jerry

Cisco Employee

ASA 8.2(5) to 8.2(5.26) upgrade breaks VPN hairpinning?

Yes CSCty32412 is the correct bug. To fix this bug, upgrade the ASA to 8.2(5.29) which is not available on cisco website. To get this code, please open a case with Cisco TAC VPN team and ask them to publish this software for you.

Thanks,

Vishnu Sharma

1522
Views
0
Helpful
3
Replies