HAProxy community

AnyConnect and HA


I am trying to utilize HAProxy to reverse proxy both web traffic and AnyConnect VPN traffic.

This is my current config:

frontend https
    bind *:443
    mode tcp
    option tcplog
    tcp-request inspect-delay 5s
    use_backend remote if !{ req.ssl_hello_type 1 } !{ req.len 0 }
    use_backend nginx if { req_ssl_sni -i website1.com }
    use_backend nginx if { req_ssl_sni -i website2.com }
    use_backend nginx if { req_ssl_sni -i website3.com }
    default_backend remote

backend remote
    mode tcp
    server remote asaurl:443

backend nginx
    mode tcp
    server nginx internalurl:444

backend open
    mode http
    server open internalurl:80

All traffic is currently being pushed to backend remote. So if I browse to website 1, 2, 3 instead of the VPN URL, all traffic is presented to the ASA.

Any ideas?
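
An added example, not part of the original post or a reply from the thread: the frontend above with one extra line, on the assumption that the SNI rules are being evaluated before the TLS ClientHello has been buffered. `tcp-request inspect-delay` only takes effect when a `tcp-request content` rule gives HAProxy something to wait on, so without one `req_ssl_sni` finds nothing and the connection falls through to `default_backend remote`.

```haproxy
frontend https
    bind *:443
    mode tcp
    option tcplog

    # Wait (up to the inspect delay) for a TLS ClientHello before routing.
    # Without a "tcp-request content" rule the inspect delay is never used
    # and the use_backend rules below can run against an empty buffer.
    tcp-request inspect-delay 5s
    tcp-request content accept if { req.ssl_hello_type 1 }

    # Unchanged from the post: data that is not a ClientHello goes to the ASA.
    use_backend remote if !{ req.ssl_hello_type 1 } !{ req.len 0 }

    # Unchanged from the post: known sites are routed by SNI.
    use_backend nginx if { req_ssl_sni -i website1.com }
    use_backend nginx if { req_ssl_sni -i website2.com }
    use_backend nginx if { req_ssl_sni -i website3.com }

    # Anything else, including a ClientHello with no SNI or an unlisted
    # name, still reaches the ASA.
    default_backend remote
```

Running `haproxy -c -f` against the configuration file checks the syntax before a reload. With `option tcplog` enabled, the backend name logged for each connection shows which rule matched.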