Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

Cisco ASA SSL Vpn Client and Clientless IP Address question.

Hi Guys,

I was wondering when I configure either the clientless or client based SSL VPN on an ASA (8.0) can I specify an IP address which is routable to the firewall or does it have to be the IP of the firewalls outside interface?

so for example if my outside interface is

202.131.134.1/27      Does the SSL VPN have to be configured for 202.131.134.1? or can it be configured for any IP in that subnet? or even any IP that is routed to the firewall?

The problem I have is I am port forwarding HTTPS traffic on the actual interface address so I wanted to see if I can use other IP in the interfaces subnet.

cheers.

1 REPLY
New Member

Re: Cisco ASA SSL Vpn Client and Clientless IP Address question.

I think what you would have to do is setup another interface and assign it to the outside as well. Similar to whats being done in this guide:

http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_configuration_example09186a00806e880b.shtml

Then just enable the webvpn for that interface.

The down side to this is that you will need a free interface and the one for the basic asa will not work as it only goes one way.

Or you could change port the WebVPN listens on. See Solution 2 in the following guide.

http://www.cisco.com/en/US/products/ps6120/products_tech_note09186a00807be2a1.shtml

Hope that helps.

606
Views
0
Helpful
1
Replies