cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
755
Views
0
Helpful
1
Replies

Cisco ASA SSL Vpn Client and Clientless IP Address question.

Hi Guys,

I was wondering when I configure either the clientless or client based SSL VPN on an ASA (8.0) can I specify an IP address which is routable to the firewall or does it have to be the IP of the firewalls outside interface?

so for example if my outside interface is

202.131.134.1/27      Does the SSL VPN have to be configured for 202.131.134.1? or can it be configured for any IP in that subnet? or even any IP that is routed to the firewall?

The problem I have is I am port forwarding HTTPS traffic on the actual interface address so I wanted to see if I can use other IP in the interfaces subnet.

cheers.

1 Reply 1

kenrandrews
Level 1
Level 1

I think what you would have to do is setup another interface and assign it to the outside as well. Similar to whats being done in this guide:

http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_configuration_example09186a00806e880b.shtml

Then just enable the webvpn for that interface.

The down side to this is that you will need a free interface and the one for the basic asa will not work as it only goes one way.

Or you could change port the WebVPN listens on. See Solution 2 in the following guide.

http://www.cisco.com/en/US/products/ps6120/products_tech_note09186a00807be2a1.shtml

Hope that helps.

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: