I've been trying to get the following working for a couple a days now to no avail. The topology I have is as follows:
Internet --> Router (with Public IP) --> ASA (with Private IPs) --> LAN
What I'm trying to achieve is for remote workers to be able to use the Anyconnect client to connect back to the office.
I can get the solution working by using the Router as the SSL VPN encryption point, set up EIGRP between the Router and the ASA and redistribute the injected IPs (Anyconnect RRI) onto the routing protocol.
However, ideally, we would like for the ASA to be the encription point...the reason being that we have SSL VPN licences for the ASA but not for the router. To achieve this, I have tried various flavours of NATing in order to try give the ASA a public IP but everything I have tried so far doesn't seem to work..i.e. I can get it to a state where I can ping the "public" (NATed) IP address of the ASA but the SSL VPN config won't work...i.e. when I try to browse to the very same IP address that I can ping nothing happens....
Re: Anyconnect to ASA with outside interface NATed
Depending on the size of the address space given you by the ISP, you could subnet and give your inside router interface a public address on the same subnet as the Asa external interface. Then the clients could address the Asa directly.
This is actually a pretty cool feature, i didn't even know it existed until I was looking for a solution to advertise a subnet (prefix in BGP talk), only if a certain condition existed. This is exactly what conditional advertisements does
j ai une question j ai achete un routeur cisco 887VA-k9 , je le configuré avec la configuration ci- dessous
si je le lier avec mon pc portable sur l un de ses ports directement ça marche toute est bien ( la connexion internet + m...
Attached policy provides CLI access to the Cisco 4G router over text messaging. Two files are in the attached .tar file:
2. PDF with instructions on how to load and use the .tcl file.