
ASA 5510 - HTTPS Issues with VPN and OWA

I am currently attempting to implement an ASA 5510 into my business network.

I am retiring an old WatchGuard X1000 that has far outlasted its usefulness...

Let's say the outside address is public IP 10.10.10.102 and it connects directly to a DSL modem. A lot of this configuration is not ideal, but it's what I'm forced to operate with for the time being. The WatchGuard used to be public IP 10.10.10.96 and both devices were live on the network together. The WatchGuard served as a useless firewall and the ASA served as a very expensive VPN client.

Users connected remotely by browsing to https://vpn.mycompany.com/ for years, and they also connected to OWA by browsing to https://mail.mycompany.com/. This worked great because the mail went to the 96 address and VPN went to the 102 address. There was a cheap workgroup switch connecting both devices to the DSL modem. I have since removed the WatchGuard and workgroup switch.

The issue I am now having is with HTTPS traffic. I do not have the 96 address assigned to an interface; I just have the 102 address routing it as requests arrive. I have a static route pointing SMTP from the 96 address to my IronPort (we'll call it internal IP 1.1.1.7), and for the time being I have HTTPS from the 96 address pointing to the Exchange server, internal IP 1.1.1.12. In order to make this work I had to change the port number of the VPN even though it is coming in on the 102 address. I want to be able to bring both VPN and OWA in on HTTPS. My question would be, how do I make this happen? I feel like I'm close but I just seem to be missing something. I don't want to have to retrain or reinstruct 350-plus users on how to connect to the VPN, nor do I want to fight with them having issues with guest networks blocking non-standard ports if I don't have to.

Any assistance here would be greatly appreciated.
