Anyconnect/Webvpn different ip

dennesmeeusen
Level 1

Hi,

We have an ASA5510 with the AnyConnect Essentials license. I'm in the process of setting up AnyConnect and immediately ran into a question. We have a /29 subnet set up and AFAIK I must use the outside interface address for AnyConnect. However, I already have an HTTPS service PAT forward on this address. So, can I set up AnyConnect to listen on e.g. the second IP in my public subnet?

Thanks,

Dennes

Sent from Cisco Technical Support iPhone App

2 Accepted Solutions

Marcin Latosiewicz
Cisco Employee

In short, no.

But you can use "port" command under webvpn to listen on another port than 443.

You have to use the outside IP address for the WebVPN and AnyConnect VPN. However, if you are using port 443 for another PAT, you can specify the webvpn to use something like 8443 instead, using the same outside IP address for both connections. Here is an example of how to change the webvpn port.

config t
webvpn
 enable outside
 port 8443

Sent from Cisco Technical Support iPad App

4 Replies

If your users connect with a FQDN to your HTTP-server, the better solution would be to change the FQDN in DNS to the second IP and reconfigure your ASA for that. Then you can use the interface-IP with port 443 for VPN.

Sent from Cisco Technical Support iPad App

Thanks guys!

I think I'll just change the DNS record to point to another IP in the subnet for my Exchange/ActiveSync HTTPS, just as Karsten pointed out.

Dennes
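
The alternative the thread settles on (move the HTTPS service to a second public IP and keep the interface address on port 443 for the VPN) could look like the following. This is an added example, not configuration posted by anyone in the thread; it assumes ASA 8.3+ NAT syntax, and every address, object name and ACL name in it is a placeholder.

```cisco
! Added example; all names and addresses are placeholders (ASA 8.3+ syntax assumed).
!   203.0.113.2  = outside interface address (stays with WebVPN/AnyConnect)
!   203.0.113.3  = second IP in the public /29 (new home of the HTTPS service)
!   192.168.1.10 = internal Exchange/ActiveSync server
!
! 1. Publish HTTPS for the internal server on the second public IP.
!    Remove the existing interface PAT for tcp/443 first so that port is
!    free on the interface address.
object network EXCHANGE-HTTPS
 host 192.168.1.10
 nat (inside,outside) static 203.0.113.3 service tcp https https
!
! 2. Permit inbound HTTPS to that one server only. On 8.3+ the ACL matches
!    the real (inside) address. If an ACL is already bound to the outside
!    interface, add the permit line to that ACL instead of binding a new one.
access-list OUTSIDE-IN extended permit tcp any object EXCHANGE-HTTPS eq https
access-group OUTSIDE-IN in interface outside
!
! 3. Leave WebVPN/AnyConnect on the interface address at the default port.
webvpn
 port 443
 enable outside
```

Once the DNS record for the HTTPS service points at the second IP, `show asp table socket` on the ASA lists the SSL listener, which should be on the interface address at port 443 only.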