ASA 5505 with two public IP

Answered Question
Dec 8th, 2009

Hi All,

I am trying to configure an ASA 5505 as an SSL VPN server. I have a range of public IP addresses from my service provider. I am using the interface vlan 2 (outside) IP address for our internal Exchange server, which uses ports 443, 80 and 25. I want to use another available public IP address for SSL VPN, but it seems it's impossible. When I run the wizard, it only lets me specify the interface, which is already used for PAT.

If you can suggest how to accomplish this task, I'd appreciate it.

Thanks

Alex

Correct Answer
JORGE RODRIGUEZ Sat, 12/12/2009 - 22:39

Since you need the actual interface to terminate SSL VPN or any other VPN, I would suggest using a different public IP that you have available and cutting over the rules that you have configured for your Exchange server, which is using the outside interface as static PAT for 443, and using regular static NAT for Exchange services. You need the actual interface to terminate the VPN. AFAIK, the ASA does not support secondary IPs on the same interface, like you could on a router.


Regards

Kent Heide Mon, 12/14/2009 - 00:50

For this you need two routable addresses. Let's say these are 1.1.1.1 and 1.1.1.2, which you've gotten from your ISP.

1) Put 1.1.1.1 on your vlan2 outside interface. Use this for VPNs and PAT.

2) Add a static for 1.1.1.2 towards your Exchange server on the inside.

Example of the static command:

static (inside,outside) <public-ip> <exchange-inside-ip> netmask 255.255.255.255
