The tunnel configuration was correct; the issue was in the NAT rules. In ASA 9.1, a NAT exclusion for interesting tunnel traffic can be defined as a static NAT rule that includes a service such as http or https. The service is an object that defines the ports being used, and both source and destination ports can be defined in it.
The failure was caused by defining a source port. For example, the http service object used source port 80 and destination port 80.
The source cannot be defined as port 80, because the workstation sources the packet from a TCP high port. Leave the source port blank; ASDM will add ports 1-65535 by default.
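The check below is an added example, not part of the original article: it scans an ASA configuration excerpt for service objects that restrict the source port and reports NAT rules that reference them. The object names, the sample configuration, and the assumption that the ASDM default appears in the CLI as `source range 1 65535` are constructed for illustration.

```python
import re

# Constructed sample excerpt; object names are hypothetical, network objects omitted.
SAMPLE_CONFIG = """\
object service HTTP-PINNED
 service tcp source eq 80 destination eq 80
object service HTTP-OK
 service tcp destination eq 80
nat (inside,outside) source static LOCAL-NET LOCAL-NET destination static REMOTE-NET REMOTE-NET service HTTP-PINNED HTTP-PINNED
nat (inside,outside) source static LOCAL-NET LOCAL-NET destination static REMOTE-NET REMOTE-NET service HTTP-OK HTTP-OK
"""

OBJ_RE = re.compile(r"^object service (\S+)\s*$")
SVC_RE = re.compile(r"^\s+service (?:tcp|udp)\s+(.*)$")
NAT_SVC_RE = re.compile(r"^nat \(.*?\sservice (\S+) (\S+)")

def source_clause(args):
    """Return the 'source ...' restriction of a service line, or None if any source port matches."""
    toks = args.split()
    if "source" not in toks:
        return None
    i = toks.index("source")
    clause = " ".join(toks[i:i + (4 if toks[i + 1:i + 2] == ["range"] else 3)])
    # Assumption: a full-range source (the ASDM default) is equivalent to leaving it blank.
    return None if clause == "source range 1 65535" else clause

def pinned_source_objects(config):
    """Map each service object that restricts the source port to its source clause."""
    pinned, current = {}, None
    for line in config.splitlines():
        obj = OBJ_RE.match(line)
        svc = SVC_RE.match(line)
        if obj:
            current = obj.group(1)
        elif svc and current and source_clause(svc.group(1)):
            pinned[current] = source_clause(svc.group(1))
        elif not line.startswith(" "):
            current = None  # left the service object block
    return pinned

def audit(config):
    """Return (line_no, object, source clause) for NAT rules that use a pinned-source object."""
    pinned = pinned_source_objects(config)
    findings = []
    for n, line in enumerate(config.splitlines(), 1):
        nat = NAT_SVC_RE.match(line)
        names = sorted(set(nat.groups()) & pinned.keys()) if nat else []
        findings += [(n, name, pinned[name]) for name in names]
    return findings
```

Running `audit()` on the sample flags only the rule that uses `HTTP-PINNED`; the rule that uses `HTTP-OK`, which defines no source port, passes.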
Imported Document ID: 000020360