Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
938
Views
0
Helpful
6
Replies

redirect Web SSL VPN to another outside ip possible?

Go to solution
born.jason
Level 1
Level 1

‎09-29-2010 10:13 AM

Hi it is possible to redirect the web ssl vpn to another outside ip from my external range or could i only use the outside interface?

For example:

ASA outside: 213.23.4.50 (https://213.23.4.50)

Redirect to oustide: 213.23.4.51 (https://213.23.4.51)

same question for redirect the vpn client external ip to another than the outside ip of asa.

regards

jason

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Marcin Latosiewicz
Cisco Employee
Cisco Employee
In response to born.jason

‎09-30-2010 11:38 PM

Jason,

Fairly easy

bsns-asa5520-10(config)# webvpn
bsns-asa5520-10(config-webvpn)# port ?

webvpn mode commands/options:
  <1-65535>  The WebVPN server's SSL listening port. TCP port 443 is the
             default.

Please note though that your users will have to use

https://My.domain.tld:PORT

to connect ... same for clientless and SVC.

Marcin

View solution in original post

0 Helpful
6 Replies 6

Go to solution
Marcin Latosiewicz
Cisco Employee
Cisco Employee

‎09-29-2010 01:42 PM

Jason,

As far as I know ASA willonly terminate on interface IP which you enable under webvpn (unlike IOS ...)

But I may have pre-8.x knowledge on this.

What would be the point?

Marcin

0 Helpful

Go to solution
born.jason
Level 1
Level 1
In response to Marcin Latosiewicz

‎09-30-2010 08:42 AM

Thanks for the answer Marcin.

The point is that on the same IP (outside) https is enable for exchange webmail (owa).

and if i connect through the ssl vpn ip i connect to the exchange iis and not ssl vpn login side..... is there a solution for that or do i have to re adress the dns mail record or change the outside ip of the asa and change the nat rules?

0 Helpful

Go to solution
Marcin Latosiewicz
Cisco Employee
Cisco Employee
In response to born.jason

‎09-30-2010 09:16 AM

Jason,

Wouldn't you rather consider moving your webvpn to a different TCP port than moving whole IP?

If that's not a possibility, changing your NAT + MX records to accmodate exchange on different IP would be more approachable solution.

Marcin

0 Helpful

Go to solution
born.jason
Level 1
Level 1
In response to Marcin Latosiewicz

‎09-30-2010 10:55 PM

thats a good idea. How could i move the port?

0 Helpful

Go to solution
Marcin Latosiewicz
Cisco Employee
Cisco Employee
In response to born.jason

‎09-30-2010 11:38 PM

Jason,

Fairly easy

bsns-asa5520-10(config)# webvpn
bsns-asa5520-10(config-webvpn)# port ?

webvpn mode commands/options:
  <1-65535>  The WebVPN server's SSL listening port. TCP port 443 is the
             default.

Please note though that your users will have to use

https://My.domain.tld:PORT

to connect ... same for clientless and SVC.

Marcin

0 Helpful

Go to solution
born.jason
Level 1
Level 1
In response to Marcin Latosiewicz

‎10-01-2010 12:05 AM

thanks Marcin.

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents