Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Anyconnect/Webvpn different ip

Hi,

We have an ASA5510 with the Anyconnect Essentials license. I'm in the process of setting up Anyconnect and immediately run into a question. We have a /29 subnet setup and AFAIK i must use the outside interface address for Anyconnect. However i already have an https service PAT forward on this address. So, can i setup Anyconnect to listen on eg. the second ip in my public subnet?

Thanks,

Dennes

Sent from Cisco Technical Support iPhone App

2 ACCEPTED SOLUTIONS

Accepted Solutions
Cisco Employee

Anyconnect/Webvpn different ip

In short, no.

But you can use "port" command under webvpn to listen on another port than 443.

New Member

Re: Anyconnect/Webvpn different ip

You have to use the outside IP address for the WebVPN and anyconnect VPN. However, if you are using port 443 for another pat you can specify the webvpn to use something like 8443 instead for the webvpn using the same outside IP address for both connections. Here is an example of how to change the webvpn port.

config t

webvpn

enable outside

port 8443

Sent from Cisco Technical Support iPad App

4 REPLIES
Cisco Employee

Anyconnect/Webvpn different ip

In short, no.

But you can use "port" command under webvpn to listen on another port than 443.

New Member

Re: Anyconnect/Webvpn different ip

You have to use the outside IP address for the WebVPN and anyconnect VPN. However, if you are using port 443 for another pat you can specify the webvpn to use something like 8443 instead for the webvpn using the same outside IP address for both connections. Here is an example of how to change the webvpn port.

config t

webvpn

enable outside

port 8443

Sent from Cisco Technical Support iPad App

VIP Purple

Re: Anyconnect/Webvpn different ip

If your users connect with a FQDN to your HTTP-server, the better solution would be to change the FQDN in DNS to the second IP and reconfigure your ASA for that. Then you can use the interface-IP with port 443 for VPN.

Sent from Cisco Technical Support iPad App


--
Don't stop after you've improved your network! Improve the world by lending money to the working poor: http://www.kiva.org/invitedby/karsteni
New Member

Re: Anyconnect/Webvpn different ip

Thanks guys!

I think i'll just change the DNS record to point to another ip in the subnet for my Exchange/Activesync HTTPS, just as Karsten pointed out.

Dennes

1021
Views
5
Helpful
4
Replies
CreatePlease login to create content