SSL VPN-IP Address

Answered Question
Apr 23rd, 2010
Dear Experts, I request your assistance.
I am trying to test the SSL VPN (WEB VPN in Cisco ASA). It is working perfectly by default configuration. Now I am using OUTSIDE INTERFACE as SSL VPN Terminating point as below
web vpn
   enable outside
Is it possibe to use a differnt IP Address from the same Subnet of OUTSIDE INTERFACE, Instead of Interface IP Address itself. The Idea behind is, Clients should not use OUTSIDE Interface IP Address, but whereas they can use from the IP Address Pool of OUTSIDE Interface
Please advice
Regards and Thanks in advance
Correct Answer by Jennifer Halim about 6 years 10 months ago

With IPSec VPN, you can use the "crypto map local-address" command to use a different interface (for example: using loopback interface, then you can assign the spare public ip address to your loopback interface).

Here is the command for your reference:

Correct Answer by Jennifer Halim about 6 years 10 months ago


Under the webvpn gateway section of the configuration, there is an option to configure ip address:

webvpn gateway ssl-gw

     ip address

Here is the configuration guide for your reference:

Hope that helps.

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (3 ratings)
Jennifer Halim Fri, 04/23/2010 - 03:57

Unfortunately on ASA, you can only use the outside ip address, not any other ip address.

On IOS router however, you have the option to use a virtual ip address to terminate SSL.

snarayanaraju Fri, 04/23/2010 - 11:02


Thanks a ton for your valuable reply.

Can you please brief, How this is accomplished using Virtual IP address In IOS Router. If possible can you please share the link  which shows the configuration example

thanks in advance


snarayanaraju Sat, 04/24/2010 - 06:39

Dear halijenn,

Thanks for the link provided. Very useful.

Whether this is applicable for IPSEC VPN too. Can I use the IP address other than Interface IP address for IPSEC VPN ?

Hope you will share your valuable comments



This Discussion