01-19-2009 03:08 PM
Hello,
I have a situation where the usable WAN IP block belongs to the DMZ interface of the ASA. A WAN/ISP transit network also exists between the ASA and ISP provider but we cannot use these addresses for SSL VPN.
Is it possible to route through the WAN/ISP interface and terminate SSL client/clientless connections on the DMZ interface of the ASA?
01-22-2009 07:05 AM
I am confused - why do you think "A WAN/ISP transit network also exists between the ASA and ISP provider but we cannot use these addresses for SSL VPN" If it is reachable from the Internet and there is an IP address on the "outside" interface address of the ASA - then you can use it.
HTH>
01-22-2009 08:13 AM
We cannot use it as 443 is utilized for another purpose on that IP.
01-22-2009 08:23 AM
yes it would fail if you have not configured the device to accept WebVPN connections on that interface??
webvpn
enable
HTH>
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide