Cisco IOS SSL VPN questions

fredj1234 · ‎05-29-2009

Hi,

I have two questions.

1. Is there any way to implement IOS SSL vpn through PAT'ing off of a single public IP address?

I've gotten this to work fine without PAT but with PAT I've had issues so I wanted to know if its possible or not possible.

2. Is there any way to set the webvpn gateway to be identified by a hostname instead of setting an IP address for the "Virtual IP Config"?

Basically what I'm trying to do, is figure out if its possible to use a DNS name instead of a static IP, because if it's possible to use a DNS name (in the place of an IP), then you can use DHCP on your WAN interface.

Web VPN config below--------------

webvpn gateway WVPN_1

ip address 1.1.1.1 port 443

ssl trustpoint TP-self-signed-3998510203

inservice

!

webvpn install svc flash:/webvpn/svc.pkg

!

webvpn context TEST1

title-color #CCCC66

secondary-color white

text-color black

ssl authenticate verify all

!

policy group policy_1

functions svc-enabled

svc address-pool "VPNPOOL1"

svc default-domain "domain.dyndns.org"

svc keep-client-installed

default-group-policy policy_1

aaa authentication list XAUTH

gateway WVPN_1 domain TEST1

max-users 2

inservice

!

end

System image file is "flash:c1841-adventerprisek9-mz.124-9.T4.bin"

Farrukh Haroon · ‎05-30-2009

I don't think DHCP is supported, you can easily verify it by doing a question mark on the ip address command in webvpn gateway configuration mode.

IF your internet link is not terminated on the router itself, you could use some upstream device that supports DHCP (on interfaces) to do NAT. But I don't think this is the case for you.

Regards

Farrukh