Cisco IOS SSL VPN questions

Unanswered Question
May 29th, 2009
User Badges:

Hi,


I have two questions.


1. Is there any way to implement IOS SSL vpn through PAT'ing off of a single public IP address?

I've gotten this to work fine without PAT but with PAT I've had issues so I wanted to know if its possible or not possible.


2. Is there any way to set the webvpn gateway to be identified by a hostname instead of setting an IP address for the "Virtual IP Config"?


Basically what I'm trying to do, is figure out if its possible to use a DNS name instead of a static IP, because if it's possible to use a DNS name (in the place of an IP), then you can use DHCP on your WAN interface.


Web VPN config below--------------



webvpn gateway WVPN_1

ip address 1.1.1.1 port 443

ssl trustpoint TP-self-signed-3998510203

inservice

!

webvpn install svc flash:/webvpn/svc.pkg

!

webvpn context TEST1

title-color #CCCC66

secondary-color white

text-color black

ssl authenticate verify all

!

!

policy group policy_1

functions svc-enabled

svc address-pool "VPNPOOL1"

svc default-domain "domain.dyndns.org"

svc keep-client-installed

default-group-policy policy_1

aaa authentication list XAUTH

gateway WVPN_1 domain TEST1

max-users 2

inservice

!

end


System image file is "flash:c1841-adventerprisek9-mz.124-9.T4.bin"

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 3 (1 ratings)
Loading.
Farrukh Haroon Sat, 05/30/2009 - 06:28
User Badges:
  • Red, 2250 points or more

I don't think DHCP is supported, you can easily verify it by doing a question mark on the ip address command in webvpn gateway configuration mode.


IF your internet link is not terminated on the router itself, you could use some upstream device that supports DHCP (on interfaces) to do NAT. But I don't think this is the case for you.


Regards


Farrukh

Actions

This Discussion