Cisco ASA SSL Vpn Client and Clientless IP Address question.

Unanswered Question
Jul 15th, 2010
User Badges:

Hi Guys,

I was wondering when I configure either the clientless or client based SSL VPN on an ASA (8.0) can I specify an IP address which is routable to the firewall or does it have to be the IP of the firewalls outside interface?

so for example if my outside interface is      Does the SSL VPN have to be configured for or can it be configured for any IP in that subnet? or even any IP that is routed to the firewall?

The problem I have is I am port forwarding HTTPS traffic on the actual interface address so I wanted to see if I can use other IP in the interfaces subnet.


  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
kenrandrews Thu, 07/15/2010 - 08:37
User Badges:

I think what you would have to do is setup another interface and assign it to the outside as well. Similar to whats being done in this guide:

Then just enable the webvpn for that interface.

The down side to this is that you will need a free interface and the one for the basic asa will not work as it only goes one way.

Or you could change port the WebVPN listens on. See Solution 2 in the following guide.

Hope that helps.


This Discussion