Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
559
Views
5
Helpful
5
Replies

SSL VPN-IP Address

Go to solution
snarayanaraju
Level 4
Level 4

‎04-23-2010 03:53 AM - edited ‎03-11-2019 10:36 AM

Dear Experts, I request your assistance.
I am trying to test the SSL VPN (WEB VPN in Cisco ASA). It is working perfectly by default configuration. Now I am using OUTSIDE INTERFACE as SSL VPN Terminating point as below
web vpn
   enable outside
Is it possibe to use a differnt IP Address from the same Subnet of OUTSIDE INTERFACE, Instead of Interface IP Address itself. The Idea behind is, Clients should not use OUTSIDE Interface IP Address, but whereas they can use from the IP Address Pool of OUTSIDE Interface
Please advice
Regards and Thanks in advance
sairam
Labels:
0 Helpful
2 Accepted Solutions

Accepted Solutions

Go to solution
Jennifer Halim
Cisco Employee
Cisco Employee
In response to snarayanaraju

‎04-23-2010 03:53 PM

Sure,..

Under the webvpn gateway section of the configuration, there is an option to configure ip address:

webvpn gateway ssl-gw

     ip address

Here is the configuration guide for your reference:

http://www.cisco.com/en/US/docs/ios/12_4t/12_4t11/htwebvpn.html#wp1054226

Hope that helps.

View solution in original post

0 Helpful

Go to solution
Jennifer Halim
Cisco Employee
Cisco Employee
In response to snarayanaraju

‎04-24-2010 03:57 PM

With IPSec VPN, you can use the "crypto map local-address" command to use a different interface (for example: using loopback interface, then you can assign the spare public ip address to your loopback interface).

Here is the command for your reference:

http://www.cisco.com/en/US/docs/ios/security/command/reference/sec_c4.html#wp1049646

View solution in original post

0 Helpful
5 Replies 5

Go to solution
Jennifer Halim
Cisco Employee
Cisco Employee

‎04-23-2010 03:57 AM

Unfortunately on ASA, you can only use the outside ip address, not any other ip address.

On IOS router however, you have the option to use a virtual ip address to terminate SSL.

Go to solution
snarayanaraju
Level 4
Level 4
In response to Jennifer Halim

‎04-23-2010 11:02 AM

Hi,

Thanks a ton for your valuable reply.

Can you please brief, How this is accomplished using Virtual IP address In IOS Router. If possible can you please share the link  which shows the configuration example

thanks in advance

sairam

0 Helpful

Go to solution
Jennifer Halim
Cisco Employee
Cisco Employee
In response to snarayanaraju

‎04-23-2010 03:53 PM

Sure,..

Under the webvpn gateway section of the configuration, there is an option to configure ip address:

webvpn gateway ssl-gw

     ip address

Here is the configuration guide for your reference:

http://www.cisco.com/en/US/docs/ios/12_4t/12_4t11/htwebvpn.html#wp1054226

Hope that helps.

0 Helpful

Go to solution
snarayanaraju
Level 4
Level 4
In response to Jennifer Halim

‎04-24-2010 06:39 AM

Dear halijenn,

Thanks for the link provided. Very useful.

Whether this is applicable for IPSEC VPN too. Can I use the IP address other than Interface IP address for IPSEC VPN ?

Hope you will share your valuable comments

sairam

0 Helpful

Go to solution
Jennifer Halim
Cisco Employee
Cisco Employee
In response to snarayanaraju

‎04-24-2010 03:57 PM

With IPSec VPN, you can use the "crypto map local-address" command to use a different interface (for example: using loopback interface, then you can assign the spare public ip address to your loopback interface).

Here is the command for your reference:

http://www.cisco.com/en/US/docs/ios/security/command/reference/sec_c4.html#wp1049646

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card