
ASA 5505 with two public IP

alex goshtaei
Level 1

Hi All,

I am trying to configure an ASA 5505 as an SSL VPN server. I have a range of public IP addresses from the service provider. I am using the interface vlan 2 (outside) IP address for our internal Exchange server, which uses ports 443, 80 and 25. I want to use another available public IP address for SSL VPN, but it seems it's impossible. When I run the wizard, it only lets me specify the interface, which is already used for PAT.

If you can suggest how to accomplish this task, I would appreciate it very much.

Thanks

Alex

Accepted Solutions

JORGE RODRIGUEZ
Level 10

Since you need the actual interface to terminate SSL VPN or any other VPN, I would suggest using a different public IP that you have available and cutting over the rules that you have configured for your Exchange server, which is using the outside interface as static PAT for 443, and using regular static NAT for Exchange services. You need the actual interface to terminate the VPN. AFAIK, the ASA does not support secondary IPs on the same interface, like you could on a router.

Regards

Jorge Rodriguez

keisikka
Level 1

Hi Alex,

I think you have to do NAT for your Exchange server using one public IP address.

And your SSL VPN can terminate on another public IP address that lies on the outside interface.

You can allocate those two IP addresses as you need.

THX

Keisikka

For this you need two routable addresses. Let's say these are 1.1.1.1 and 1.1.1.2, which you've gotten from your ISP.

1) Put 1.1.1.1 on your vlan2 outside interface. Use this for VPNs and PAT.

2) Add a static for 1.1.1.2 towards your Exchange server on the inside.

Example of the static command:

static (inside,outside) <public-ip> <exchange-inside-ip> netmask 255.255.255.255
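
The cutover the replies describe, written out as an added configuration sketch that is not part of the original thread. It assumes ASA software earlier than 8.3 (the `static` NAT syntax used above) and the thread's example addresses 1.1.1.1 and 1.1.1.2; the Exchange inside address 192.168.1.10, the outside mask and the ACL name `outside_in` are constructed for illustration.

```cisco
! Added example. Assumes ASA software before 8.3 ("static" NAT syntax).
! Constructed values: 192.168.1.10 = Exchange inside address (hypothetical),
! 255.255.255.248 outside mask (assumed), ACL name "outside_in" (hypothetical).
! 1.1.1.1 / 1.1.1.2 are the thread's example public addresses.

! --- Before: Exchange published by static PAT on the outside interface IP.
! --- This occupies TCP/443 on the only address WebVPN can listen on.
! static (inside,outside) tcp interface https 192.168.1.10 https netmask 255.255.255.255
! static (inside,outside) tcp interface www 192.168.1.10 www netmask 255.255.255.255
! static (inside,outside) tcp interface smtp 192.168.1.10 smtp netmask 255.255.255.255

! --- After: remove the port forwards from the interface address.
no static (inside,outside) tcp interface https 192.168.1.10 https netmask 255.255.255.255
no static (inside,outside) tcp interface www 192.168.1.10 www netmask 255.255.255.255
no static (inside,outside) tcp interface smtp 192.168.1.10 smtp netmask 255.255.255.255

! Outside interface keeps 1.1.1.1 for PAT and VPN termination.
interface Vlan2
 nameif outside
 security-level 0
 ip address 1.1.1.1 255.255.255.248

! One-to-one static NAT: second public address -> Exchange server.
static (inside,outside) 1.1.1.2 192.168.1.10 netmask 255.255.255.255

! A one-to-one static maps every port, so the outside ACL is what limits
! exposure: permit only the three published services to 1.1.1.2.
access-list outside_in extended permit tcp any host 1.1.1.2 eq smtp
access-list outside_in extended permit tcp any host 1.1.1.2 eq www
access-list outside_in extended permit tcp any host 1.1.1.2 eq https
access-group outside_in in interface outside

! SSL VPN now terminates on the interface address (1.1.1.1) on TCP/443.
webvpn
 enable outside
```

Public DNS records for the mail and web services have to move to 1.1.1.2 as part of the cutover, and existing translations may need `clear xlate` before the new static takes effect.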
