Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
New Member

ASA 5505 with two public IP

Hi All,

I am trying to configure ASA 5505 as SSL VPN server. I have a range of public IP addresses from service provider. I am using interface vlan 2 (outside) IP address for our internal Exchange server which uses port 443, 80 and 25. I want to use another available public ip address for SSL VPN, but it seems it's impossible. when I run wizard, it only lets me to specify interface which it's already used for PAT.

if you suggest me how to accomplish this task, I'll be very appreciated.

thanks

Alex

1 ACCEPTED SOLUTION

Accepted Solutions

Re: ASA 5505 with two public IP

Since you need  the actual  interface to terminate SSL VPN or any other VPN  I would suggest to use a different pub IP that you have available and cutover the rules that  you have configured for your exchange server that is using the ourside interface as static PAT for  443 and use regular static nat for exchange services , you need  the actual interface to terminate the vpn ,..AFAIK  ASA does not support secondary  IPs on  the same interface .. like you  could  on a router.

Regards

3 REPLIES

Re: ASA 5505 with two public IP

Since you need  the actual  interface to terminate SSL VPN or any other VPN  I would suggest to use a different pub IP that you have available and cutover the rules that  you have configured for your exchange server that is using the ourside interface as static PAT for  443 and use regular static nat for exchange services , you need  the actual interface to terminate the vpn ,..AFAIK  ASA does not support secondary  IPs on  the same interface .. like you  could  on a router.

Regards

New Member

Re: ASA 5505 with two public IP

Hi Alex,

I think you have to do a NAT for your exchange server using one public IP address.

And your SSL vpn can terninal on another public IP address lies on outside interface.

For hose two IP address, you can locate at your demand.

THX

Keisikka

New Member

Re: ASA 5505 with two public IP

For this you need two routable addresses. Lets say these are 1.1.1.1 and 1.1.1.2 which you've gotten from your ISP.

1) Put 1.1.1.1 on your vlan2 outside interface. Use this for VPN's and PAT.

2) Add a static for 1.1.1.2 and towards your exchange server on the inside.

ex of static command;

static(inside,outside) netmask 255.255.255.255

736
Views
0
Helpful
3
Replies
CreatePlease to create content