Cisco ASA SSL VPN Client and Clientless IP Address Question

Jul 15th, 2010

Hi Guys,

I was wondering: when I configure either the clientless or client-based SSL VPN on an ASA (8.0), can I specify an IP address which is routable to the firewall, or does it have to be the IP of the firewall's outside interface?

So, for example, if my outside interface is 202.131.134.1/27, does the SSL VPN have to be configured for 202.131.134.1? Or can it be configured for any IP in that subnet? Or even any IP that is routed to the firewall?

The problem I have is that I am port forwarding HTTPS traffic on the actual interface address, so I wanted to see if I can use another IP in the interface's subnet.

Cheers.

kenrandrews Thu, 07/15/2010 - 08:37

I think what you would have to do is set up another interface and assign it to the outside as well, similar to what's being done in this guide:

http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_configuration_example09186a00806e880b.shtml

Then just enable the webvpn for that interface.

The downside to this is that you will need a free interface, and the one for the basic ASA will not work as it only goes one way.

Or you could change the port the WebVPN listens on. See Solution 2 in the following guide.

http://www.cisco.com/en/US/products/ps6120/products_tech_note09186a00807be2a1.shtml

Hope that helps.
