Cisco Support Community
New Member

Configuring multiple WebVPN portals

Here is the situation...I have an ASA 5520 in single context mode and I need to configure multiple inbound WebVPN portals for different clients. What is the best way to accomplish this? On my outside interface I have a public IP. If I try to add a subinterface with an IP in the same subnet it tells me it can't overlap the subnet on the outside. I have other public IPs issued from my ISP that I could create a subinterface with, but I'm not sure if that is the way to go. From my reading I have learned there are probably multiple ways to accomplish this.

1. By taking the IP address off the physical outside INT and creating multiple subinterfaces (will this allow me to use multiple public IPs on the same subnet - in an effort to conserve public IPs?)

2. Create a subinterface with a separate public IP address (Is this viable? I'm not sure how you would configure the ASA so it would know where to send outbound traffic because of the default route stating to use the original outside interface)

3. By going to multiple context mode (I'm licensed for 2)

Is there another way to accomplish this? Thanks for your help.

3 REPLIES
Cisco Employee

Re: Configuring multiple WebVPN portals

Hello,

Multi context mode doesn't support VPN, so that's out. What you are trying to accomplish can be done via group-url:

http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a00808bd83d.shtml

New Member

Re: Configuring multiple WebVPN portals

Is that the only way to accomplish this? For security reasons we do not want clients to be able to see each other, even if only in a drop down menu. Also, we already have multiple group policies and connection profiles set up that are assigned by their user name and location in Active Directory.

Re: Configuring multiple WebVPN portals

Just use the following link to make the portals:

http://www.cisco.com/en/US/products/ps6120/products_tech_note09186a008094abcb.shtml

Then map them to each user group. By default web-vpn users (not SSL client) cannot see each other. They never really become part of your network like regular VPN (IPSEC or SSL thick client).

Regards

Farrukh
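The group-url approach discussed in this thread, sketched as an added example that is not taken from any of the posts or from the linked Cisco documents. It assumes ASA 8.x remote-access syntax; the hostname `vpn.example.com`, the connection profile names `CLIENT-A` and `CLIENT-B`, and the group policy names are hypothetical placeholders.

```cisco
! Added example: one public IP, one URL per client portal.
! All names and the hostname below are hypothetical placeholders.

webvpn
 enable outside
 ! Do not show the connection-profile drop-down on the login page,
 ! so one client never sees another client's profile name.
 no tunnel-group-list enable

! Per-client group policies, restricted to clientless WebVPN
group-policy GP-CLIENT-A internal
group-policy GP-CLIENT-A attributes
 vpn-tunnel-protocol webvpn

group-policy GP-CLIENT-B internal
group-policy GP-CLIENT-B attributes
 vpn-tunnel-protocol webvpn

! Connection profile for client A, selected by its own URL
tunnel-group CLIENT-A type remote-access
tunnel-group CLIENT-A general-attributes
 default-group-policy GP-CLIENT-A
tunnel-group CLIENT-A webvpn-attributes
 group-url https://vpn.example.com/clienta enable

! Connection profile for client B, selected by its own URL
tunnel-group CLIENT-B type remote-access
tunnel-group CLIENT-B general-attributes
 default-group-policy GP-CLIENT-B
tunnel-group CLIENT-B webvpn-attributes
 group-url https://vpn.example.com/clientb enable
```

A user who browses to `https://vpn.example.com/clienta` lands directly on the CLIENT-A connection profile, so no subinterfaces or additional public IPs are needed to separate the portals.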
