I am currently attempting to implement an ASA 5510 into my business network.
I am retiring an old WatchGuard X1000 that has far outlasted its usefulness...
Lets say the outside address is public IP 10.10.10.102 and it connects directly to a DSL modem. A lot of this configuration is not ideal but it's what I'm forced to operate with for the time being. The WatchGuard used to be public IP 10.10.10.96 and both devices were live on the network together. The WatchGuard served as a useless firewall and the ASA served as a very expensive VPN client.
Users connected remotely by browsing to https://vpn.mycompany.com/ for years and they also connected to owa by browsing to https://mail.mycompany.com/ and this worked great because the mail went to the 96 address and vpn went to the 102 address. There was a cheap workgroup switch connecting both devices to the DSL modem. I have since removed the WatchGuard and workgroup switch.
The issue I am now having is with https traffic. I do not have the 96 address assigned to an interface, I just have the 102 address routing it as requests arrive. I have a static route pointing smtp from the 96 address to my ironport we'll call it internal IP 22.214.171.124 and for the time being I have https from the 96 address pointing to the exchange server internal IP 126.96.36.199. In order to make this work I had to change the port number of the VPN even though it is coming in on the 102 address. I want to be able to bring both VPN and OWA in on https. My question would be, how do I make this happen? I feel like I'm close but I just seem to be missing something. I don't want to have to retrain or reinstruct 350 plus users how to connect to the VPN nor do I want to fight with them having issues with guest networks blocking non standard ports if I don't have to.
We have configured the outside and inside Interface with official ipv6 adresses, set a default route on outside Interface to our router, we also have definied a rule , which also gets hits, to permit tcp from inside Interface to any6.
In Syslog I also se...