cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
603
Views
0
Helpful
6
Replies

Differrent Anyconnect access interface

Joeri-Bos
Level 1
Level 1

Hi,

Is it possible to use a different ip address for anyconnect vpn. The 443 port is already in use at our outside interface.

Regards,

Joeri Bos

6 Replies 6

andrew.prince
Level 10
Level 10

Yes - under your webvpn profile, you configure:-

port xxx

HTH>

Hi Andrew,

Thats clear. But i want a different IP address. Is that possible?

Regards

You cannot change the IP address of the webVPN on the interface you have enabled it on.

Joeri Bos

I do not really understand what your problem is, and therefore do not know whether my suggestion is really a solution or not. But if you want the AnyConnect client to use an address different from the physical interface address of the ASA you might consider configuring the VPN clustering/load sharing feature. In configuring clustering you specify a virtual IP address and that is the address that the AnyConnect client uses to connect to.

Note that while the clustering feature is really intended for environments where there are multiple concentrators sharing an outside subnet (and an inside subnet) the feature will still work when there is only a single active concentrator.

hth

Rick

HTH

Rick

Rick,

I do not believe that this response is totally correct. While you can enable the clustering feature and direct the VPN client to the cluster address, it actually still connects to the physical address of the interface... I know that at least from the IPSec client perspective you never actually create a connection to the virtual address.

Thanks,

David

David

As I said:"I do not really understand what your problem is, and therefore do not know whether my suggestion is really a solution or not." I understand that you do not agree with my suggestion. Until we get some clarification about what the real issue is I believe that my suggestion is as close as he can get to using a different address.

I suspect that you are correct and that there is not any way to use a different address. But till we understand better what the real issue is, my suggestion may be worth considering as a way for the client to use a different address.

HTH

Rick

HTH

Rick
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: