2 questions re SSL VPN

Unanswered Question
Apr 22nd, 2009


I have recently implemented an SSL VPN solution for a customer and have a couple of questions.

1) We have a 10 user license and are authenticating users using AD. The network administrator wants to ensure that there is always a connection for him, therefore leaving other users to contend for the other 9 connections. Is this something that would be implemented on the ASA or on the AD server?

2) Is it possible to source NAT/overload the SSL VPN clients to the ASAs inside interface thus removing the requirement to redistribute a route to the SSL VPN client pool into the routing protocol? I've tried it and couldn't get it to work.

Another issue I came accross whilst doing this deployement, was that I had to configure NAT exemption for all traffic between the LAN and the SSL VPN clients, even though I had the "Enable traffic through the firewall without address translation" check box checked.

According to the config guides I shouldn't have needed this - has anyone else had this issue. I'm running 8.0(4)

Many Thanks in advance


I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)


This Discussion