12-08-2009 08:52 PM - edited 03-11-2019 09:46 AM
Hi All,
I am trying to configure ASA 5505 as SSL VPN server. I have a range of public IP addresses from service provider. I am using interface vlan 2 (outside) IP address for our internal Exchange server which uses port 443, 80 and 25. I want to use another available public ip address for SSL VPN, but it seems it's impossible. when I run wizard, it only lets me to specify interface which it's already used for PAT.
if you suggest me how to accomplish this task, I'll be very appreciated.
thanks
Alex
Solved! Go to Solution.
12-12-2009 10:39 PM
Since you need the actual interface to terminate SSL VPN or any other VPN I would suggest to use a different pub IP that you have available and cutover the rules that you have configured for your exchange server that is using the ourside interface as static PAT for 443 and use regular static nat for exchange services , you need the actual interface to terminate the vpn ,..AFAIK ASA does not support secondary IPs on the same interface .. like you could on a router.
Regards
12-12-2009 10:39 PM
Since you need the actual interface to terminate SSL VPN or any other VPN I would suggest to use a different pub IP that you have available and cutover the rules that you have configured for your exchange server that is using the ourside interface as static PAT for 443 and use regular static nat for exchange services , you need the actual interface to terminate the vpn ,..AFAIK ASA does not support secondary IPs on the same interface .. like you could on a router.
Regards
12-14-2009 12:00 AM
Hi Alex,
I think you have to do a NAT for your exchange server using one public IP address.
And your SSL vpn can terninal on another public IP address lies on outside interface.
For hose two IP address, you can locate at your demand.
THX
Keisikka
12-14-2009 12:50 AM
For this you need two routable addresses. Lets say these are 1.1.1.1 and 1.1.1.2 which you've gotten from your ISP.
1) Put 1.1.1.1 on your vlan2 outside interface. Use this for VPN's and PAT.
2) Add a static for 1.1.1.2 and towards your exchange server on the inside.
ex of static command;
static(inside,outside)
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: