01-19-2009 03:08 PM
Hello,
I have a situation where the usable WAN IP block belongs to the DMZ interface of the ASA. A WAN/ISP transit network also exists between the ASA and ISP provider but we cannot use these addresses for SSL VPN.
Is it possible to route through the WAN/ISP interface and terminate SSL client/clientless connections on the DMZ interface of the ASA?
01-22-2009 07:05 AM
I am confused - why do you think "A WAN/ISP transit network also exists between the ASA and ISP provider but we cannot use these addresses for SSL VPN" If it is reachable from the Internet and there is an IP address on the "outside" interface address of the ASA - then you can use it.
HTH>
01-22-2009 08:13 AM
We cannot use it as 443 is utilized for another purpose on that IP.
01-22-2009 08:23 AM
yes it would fail if you have not configured the device to accept WebVPN connections on that interface??
webvpn
enable
HTH>
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: