redirect vpn dial-up ip on asa

born.jason · ‎10-20-2010

Hi,

i have a asa with an external ip range.

Asa has outside ip : 212.201.54.67

Many clients have this ip in the cisco vpn client profile. Now i want to change the outside ip of the asa. It is possible to keep this ip 212.201.54.67 as dial up vpn ip if the asa have another outside ip ?

cheers

jason

Marcin Latosiewicz · ‎10-20-2010

Jason,

As far as I know ASA will only terminate VPN (SVC and IPSec) on IP address assigned to interface you enabled given feature on.

May I ask if this is the same setup we discussed where you had seemingly very similar question for SSLVPN?

Marcin

born.jason · ‎10-21-2010

Yes, its the same.

So i think i will distribute a new pcf profile.

Marcin Latosiewicz · ‎10-21-2010

Jason,

Here's an idea.

To avoid this problem in future how about relying on DNS?

Instead of sending a lot of PCF files you'd just need to tweak your DNS for

vpn.example.com IN A record (or potentially AAAA) from older IP to the new one.

That is assumign you have control over DNS for example.com :-)

Marcin

born.jason · ‎10-21-2010

Yes this was an idea i was also thinking about. And i`ll maybe do this for the future.