08-07-2013 08:41 PM - edited 02-21-2020 07:04 PM
Hi,
Does anyone know if i can assign a seperate external ip address to intercept anyconnect ssl request other then assign it to an interface, which normally is external/outside? This is for the ASA 5520 model.
08-07-2013 09:17 PM
You have to assign an interface (by name) to accept the incoming crypto IKE connections. While it technically doesn't have to be the "outside" interface it does have to have be an interface with a publicly routable address that would not have asymmetric routing.
In 99.99% of use cases that means using the outside interface. In fact, I've never seen anyone use anything but "outside".
08-07-2013 09:42 PM
Thanks for replay my question. I understand the part that it will be assign to an interface however I would like to use a different public ip address rather than the one assigned to an outside interface. I was thinking about doing a twice nat to nat the outside public to another publicc io address but couldn't get it to work. Any know the answer to that, please let me know.
Sent from Cisco Technical Support Android App
08-07-2013 09:46 PM
What's your rationale for not wanting to use the outside interface address?
If it's already in use on port 443 for some other already-NATted server, it's usually easier to make that server NAT to a different IP and just update the DNS record for the FQDN that outside access comes in for that server.
08-08-2013 12:15 PM
the reason i need to use a different public ip address is because my circuit service provider also has a firewall that only allow certain ip address for inbound ssl traffic. i want the outside interface stay with the same ip address since my company would like stay with that ip for all global nat translation. Thanks Marvin for answering my question. now i have decide to change the global nat statement to use an ip address instead the interface and change the outside interface ip address.
08-08-2013 12:25 PM
You're welcome. Please rate helpful replies and mark your question as answered if it has been.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide