Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements
Step-by-Step Configuration and Troubleshooting Best Practices for the NGFW, NGIPS and AMP Technologies A Visual Guide to the Cisco Firepower Threat Defense (FTD)
Community Member

SSL VPN-IP Address

Dear Experts, I request your assistance.
I am trying to test the SSL VPN (WEB VPN in Cisco ASA). It is working perfectly by default configuration. Now I am using OUTSIDE INTERFACE as SSL VPN Terminating point as below
web vpn
   enable outside
Is it possibe to use a differnt IP Address from the same Subnet of OUTSIDE INTERFACE, Instead of Interface IP Address itself. The Idea behind is, Clients should not use OUTSIDE Interface IP Address, but whereas they can use from the IP Address Pool of OUTSIDE Interface
Please advice
Regards and Thanks in advance
sairam
2 ACCEPTED SOLUTIONS

Accepted Solutions
Cisco Employee

Re: SSL VPN-IP Address

Sure,..

Under the webvpn gateway section of the configuration, there is an option to configure ip address:

webvpn gateway ssl-gw

     ip address

Here is the configuration guide for your reference:

http://www.cisco.com/en/US/docs/ios/12_4t/12_4t11/htwebvpn.html#wp1054226

Hope that helps.

Cisco Employee

Re: SSL VPN-IP Address

With IPSec VPN, you can use the "crypto map local-address" command to use a different interface (for example: using loopback interface, then you can assign the spare public ip address to your loopback interface).

Here is the command for your reference:

http://www.cisco.com/en/US/docs/ios/security/command/reference/sec_c4.html#wp1049646

5 REPLIES
Cisco Employee

Re: SSL VPN-IP Address

Unfortunately on ASA, you can only use the outside ip address, not any other ip address.

On IOS router however, you have the option to use a virtual ip address to terminate SSL.

Community Member

Re: SSL VPN-IP Address

Hi,

Thanks a ton for your valuable reply.

Can you please brief, How this is accomplished using Virtual IP address In IOS Router. If possible can you please share the link  which shows the configuration example

thanks in advance

sairam

Cisco Employee

Re: SSL VPN-IP Address

Sure,..

Under the webvpn gateway section of the configuration, there is an option to configure ip address:

webvpn gateway ssl-gw

     ip address

Here is the configuration guide for your reference:

http://www.cisco.com/en/US/docs/ios/12_4t/12_4t11/htwebvpn.html#wp1054226

Hope that helps.

Community Member

Re: SSL VPN-IP Address

Dear halijenn,

Thanks for the link provided. Very useful.

Whether this is applicable for IPSEC VPN too. Can I use the IP address other than Interface IP address for IPSEC VPN ?

Hope you will share your valuable comments

sairam

Cisco Employee

Re: SSL VPN-IP Address

With IPSec VPN, you can use the "crypto map local-address" command to use a different interface (for example: using loopback interface, then you can assign the spare public ip address to your loopback interface).

Here is the command for your reference:

http://www.cisco.com/en/US/docs/ios/security/command/reference/sec_c4.html#wp1049646

238
Views
5
Helpful
5
Replies
CreatePlease to create content