Randomly users may lose access the internal resources with Connect Tunnel client using SNAT IP Pool
03/26/2020 7 11014
DESCRIPTION: Randomly users may lose access the internal resources with Connect Tunnel client using SNAT IP Pool
When connect tunnel is configured with Split tunnel mode using source NAT with multiple SNAT IP pool (approximately 10 SNAT Pools) on High Availability (10.0.4 & 10.5.4) mode, few users may randomly lose access to internal resources.
However, on the appliance when enabling the “promisc mode for the internal interfaces” (via SSH console), users will be able to access all the resources successfully.
Note: With static IP pool everything works fine.
Workaround : Steps to enable/Disable Promisc mode via CLI mode ==================================================== Enable promisc mode on both the internal interfaces (if you are using in HA mode) using the following commands using SSH console - # ifconfig eth0 promisc - Enable - # ifconfig eth0 -promisc - Disable
This issue has been escalated to engineering and got a confirmation that this is an enhacement request, so we have filed an ER to add this in future releases until then you can use the above workaround. Tracking ID: <1155965 & 106262>
Tracking ID: <ER: 1165>
Secure Mobile Access>SMA 1000 Series>Connect Tunnel Client