Third Party SSL VPN terminated on ASA DMZ

Answered Question
Jun 16th, 2008

Hi all,

Any help is appreciated. Can this be done:

In ASA 5520, I have a DMZ defined, and it has been working fine until now. The DMZ subnet is 192.168.10.0/24 and the IP on the DMZ interface is 192.168.10.1. Now I am trying to add a third-party (not Cisco) SSL VPN appliance. The appliance is given an IP address of 192.168.10.101. The SSL VPN appliance will give out IP addresses to SSL VPN clients in the range of 192.168.20.x. After the connection is established, the client is indeed getting a 192.168.20.x IP address. However, clients cannot connect to the internal LAN. If I change the clients' IP address range to the same subnet as the DMZ, everything works. My question is: since the SSL VPN clients are terminated on the DMZ and are getting IPs from a different subnet, how can I route/map these addresses so that they can access the internal network through the inside interface, or can it be done at all?

Any advice is appreciated.

Overall Rating: 5 (1 ratings)
Correct Answer
Farrukh Haroon Mon, 06/16/2008 - 11:30

You just need to add the appropriate routes on the ASA for this pool. And also on any Layer 3 routing devices on the inside of the ASA.

Regards

Farrukh
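
The routes the answer describes, written out as an added example that is not part of the original thread. It assumes the ASA interfaces are named `dmz` and `inside` and that the inside Layer 3 device runs Cisco IOS; the inside addresses and the test client address 192.168.20.10 are placeholders or constructed values, because the thread does not give them.

```cisco
! --- On the ASA ---
! Reach the SSL VPN client pool through the appliance on the DMZ.
! "dmz" is an assumed nameif; use the name configured on the DMZ interface.
route dmz 192.168.20.0 255.255.255.0 192.168.10.101

! --- On each inside Layer 3 device (IOS syntax, assumed) ---
! Send return traffic for the pool back toward the ASA inside interface.
! <ASA-INSIDE-IP> is a placeholder for the ASA's inside interface address.
ip route 192.168.20.0 255.255.255.0 <ASA-INSIDE-IP>

! --- Verify on the ASA ---
! Confirm the static route for the pool is installed.
show route | include 192.168.20.0
! Trace a constructed flow from a pool address to an inside host.
! <INSIDE-HOST-IP> is a placeholder; 192.168.20.10 is a sample client address.
packet-tracer input dmz tcp 192.168.20.10 1025 <INSIDE-HOST-IP> 80
```

The `packet-tracer` output names the phase that drops a packet, so it also shows whether an access list or NAT rule, rather than routing, is blocking the 192.168.20.x clients.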
