Wednesday, February 10, 2021

ASAv hairpin and ACL filtering

Hi everyone,

I am trying to achieve the setup below: activate hairpinning in Cisco ASAv and apply some ACLs to filter it, so that some traffic is able to enter and exit the same interface while other traffic is not.

Up until now, the ACLs aren't working when hairpinning is enabled. They are simply ignored. We have applied the ACLs to specific interfaces, enabled them globally and so forth (every combination).

We test it by sending an ICMP packet (ping) from one host to the other. Packet-tracer shows that it should be dropped, but when testing, the packet goes through without any trouble. The ACL to drop the ICMP packet has been put in place and tested multiple times.

Do you know if this is actually possible or not? If yes, please give us some direction.


