HAProxy community

AnyConnect and HA


I am trying to utilize HAProxy to reverse proxy both web traffic and AnyConnect VPN traffic.

This is my current config:

frontend https
bind *:443
mode tcp
option tcplog
tcp-request inspect-delay 5s
use_backend remote if !{ req.ssl_hello_type 1 } !{ req.len 0 }
use_backend nginx if { req_ssl_sni -i website1.com }
use_backend nginx if { req_ssl_sni -i website2.com }
use_backend nginx if { req_ssl_sni -i website3.com }
default_backend remote

backend remote
mode tcp
server remote asaurl:443

backend nginx
mode tcp
server nginx internalurl:444

backend open
mode http
server open internalurl:80

All traffic is currently being pushed to backend remote. So if I browse to website 1, 2, or 3 instead of the VPN URL, all traffic is presented to the ASA.

Any ideas?

Anybody have any advice?


You may want to enable logging, capture the SNI sent by the client, and share it here.
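An added example, not the poster's configuration or anything else from this thread: the same frontend with the tcp-request content accept rule that the HAProxy documentation pairs with req_ssl_sni, plus a log line that records the SNI the client actually sent, as the reply suggests. That the missing accept rule is what sends everything to the remote backend is an assumption about the poster's setup; asaurl and internalurl are the placeholders from the post, and a log target in the global section is assumed.

```haproxy
# Added example (not the poster's config). Assumes a 'log' directive in
# the global section; asaurl/internalurl are the post's placeholder hosts.
frontend https
    bind *:443
    mode tcp
    option tcplog
    log global
    tcp-request inspect-delay 5s
    # Withhold the connection until a TLS ClientHello (hello type 1) is
    # buffered, or 5s expire. Without this rule the use_backend lines are
    # evaluated before the SNI has been read, so req_ssl_sni never matches
    # and every connection falls through to default_backend.
    tcp-request content accept if { req_ssl_hello_type 1 }
    # Keep the SNI in a session variable so it survives into the log line.
    tcp-request content set-var(sess.sni) req_ssl_sni
    # client ip:port, timestamp, frontend, backend/server, observed SNI
    log-format "%ci:%cp [%t] %ft %b/%s sni=%[var(sess.sni)]"
    # Anything that is not a ClientHello goes to the ASA (poster's rule).
    use_backend remote if !{ req_ssl_hello_type 1 } !{ req.len 0 }
    use_backend nginx if { req_ssl_sni -i website1.com }
    use_backend nginx if { req_ssl_sni -i website2.com }
    use_backend nginx if { req_ssl_sni -i website3.com }
    default_backend remote

backend remote
    mode tcp
    server remote asaurl:443

backend nginx
    mode tcp
    server nginx internalurl:444
```

If the log shows the expected SNI but the backend column still reads remote, the inspection phase is working and the problem lies in the ACL matching rather than in buffering; an empty sni= field means the connection was released before the ClientHello arrived.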