SSL VPN-IP Address

Answered Question
Apr 23rd, 2010
Dear Experts, I request your assistance.
I am trying to test the SSL VPN (WebVPN in Cisco ASA). It is working perfectly with the default configuration. Now I am using the OUTSIDE interface as the SSL VPN terminating point, as below:
webvpn
   enable outside
Is it possible to use a different IP address from the same subnet as the OUTSIDE interface, instead of the interface IP address itself? The idea behind this is that clients should not use the OUTSIDE interface IP address, but they can use one from the IP address pool of the OUTSIDE interface.
Please advise
Regards and Thanks in advance
sairam
Correct Answer by Jennifer Halim about 7 years 3 months ago

Sure.

Under the webvpn gateway section of the configuration, there is an option to configure ip address:

webvpn gateway ssl-gw
     ip address


Here is the configuration guide for your reference:

http://www.cisco.com/en/US/docs/ios/12_4t/12_4t11/htwebvpn.html#wp1054226


Hope that helps.

Jennifer Halim (Cisco Employee) Fri, 04/23/2010 - 03:57

Unfortunately on ASA, you can only use the outside ip address, not any other ip address.


On IOS router however, you have the option to use a virtual ip address to terminate SSL.

snarayanaraju Fri, 04/23/2010 - 11:02

Hi,


Thanks a ton for your valuable reply.


Can you please briefly explain how this is accomplished using a virtual IP address on an IOS router? If possible, can you please share a link which shows a configuration example?


thanks in advance


sairam

snarayanaraju Sat, 04/24/2010 - 06:39

Dear halijenn,


Thanks for the link provided. Very useful.


Is this applicable to IPSEC VPN too? Can I use an IP address other than the interface IP address for IPSEC VPN?


Hope you will share your valuable comments


sairam

Correct Answer
Jennifer Halim (Cisco Employee) Sat, 04/24/2010 - 15:57

With IPSec VPN, you can use the "crypto map local-address" command to use a different interface (for example: using loopback interface, then you can assign the spare public ip address to your loopback interface).


Here is the command for your reference:

http://www.cisco.com/en/US/docs/ios/security/command/reference/sec_c4.html#wp1049646
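
An IOS configuration sketch of the loopback approach described in the answer above, added here as an example and not taken from the thread or from Cisco's documentation. All names, addresses (documentation ranges), the key placeholder and the protected subnets are constructed, and it assumes the upstream router has a route for the loopback address pointing at this router.

```cisco
! Constructed example: names and addresses are placeholders.
! Loopback0 holds the spare public address that peers will connect to.
interface Loopback0
 description IPsec termination address (assumed routed to this router)
 ip address 198.51.100.10 255.255.255.255
!
crypto isakmp policy 10
 encryption aes 256
 hash sha
 authentication pre-share
 group 14
! Placeholder key: replace with a real secret, 192.0.2.1 is the remote peer
crypto isakmp key PLACEHOLDER-PRESHARED-KEY address 192.0.2.1
!
crypto ipsec transform-set TS-AES esp-aes 256 esp-sha-hmac
!
ip access-list extended VPN-ACL
 permit ip 10.1.0.0 0.0.255.255 10.2.0.0 0.0.255.255
!
! local-address makes the router source IKE and IPsec from Loopback0's
! address instead of the address of the interface the map is applied to.
crypto map VPN-MAP local-address Loopback0
crypto map VPN-MAP 10 ipsec-isakmp
 set peer 192.0.2.1
 set transform-set TS-AES
 match address VPN-ACL
!
! The crypto map is still applied to the physical outside interface.
interface GigabitEthernet0/0
 description OUTSIDE
 ip address 203.0.113.2 255.255.255.0
 crypto map VPN-MAP
```

The remote peer must point its own `set peer` (or equivalent) at 198.51.100.10, and any ACL in front of the router has to permit UDP 500/4500 and ESP to that address rather than to the outside interface address.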
