Howto let inside users access SSLVPN on outside

Unanswered Question
Sep 29th, 2010

We use a ASA5505 for as a firewall appliance and for users to connect to SSLVPN via the webvpn client. We can connect fine from home but we would also like to be able to connect from inside the firewall to be able to install the client onto new notebooks. What is needed to allow this? When ever we try no connection is established and the log shows first:     23088     x.x.104.84     443     Built inbound TCP connection 8729087 for inside: ( to identity:x.x.104.84/443 (x.x.104.84/443)
and then     23088     x.x.104.84     443     Teardown TCP connection 8729087 for inside: to identity:x.x.104.84/443 duration 0:00:00 bytes 0 TCP Reset by appliance
Does anybody know what will allow us to access the SSL portal page from inside? We don't want to enable SSLVPN on the inside interface because this will require us to configure split DNS and we dont use that. Thanks in advance.

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Jennifer Halim Wed, 09/29/2010 - 07:28

Unfortunately you can't connect to the outside ip address for SSL VPN connection from the inside network. If you are connected to your inside network, you would need to enable SSL VPN on the inside interface, and connect to the ASA inside interface.

infarm2010 Wed, 09/29/2010 - 23:11

Thanks for the reply. I do find that a bit strange since I had this working for a few month and then it just stopped. I would like to hear if anyone else can verify that the ASA doesn't allow this. Also does that mean you also have to configure split dns to reach the stuff in your DMZ (homepage, webmail and so forth) Thanks in advance.


This Discussion