Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
New Member

redirect Web SSL VPN to another outside ip possible?

Hi it is possible to redirect the web ssl vpn to another outside ip from my external range or could i only use the outside interface?

For example:

ASA outside: 213.23.4.50 (https://213.23.4.50)

Redirect to oustide: 213.23.4.51 (https://213.23.4.51)

same question for redirect the vpn client external ip to another than the outside ip of asa.

regards

jason

1 ACCEPTED SOLUTION

Accepted Solutions
Cisco Employee

Re: redirect Web SSL VPN to another outside ip possible?

Jason,

Fairly easy

bsns-asa5520-10(config)# webvpn
bsns-asa5520-10(config-webvpn)# port ?

webvpn mode commands/options:
  <1-65535>  The WebVPN server's SSL listening port. TCP port 443 is the
             default.

Please note though that your users will have to use

https://My.domain.tld:PORT

to connect ... same for clientless and SVC.

Marcin

6 REPLIES
Cisco Employee

Re: redirect Web SSL VPN to another outside ip possible?

Jason,

As far as I know ASA willonly terminate on interface IP which you enable under webvpn (unlike IOS ...)

But I may have pre-8.x knowledge on this.

What would be the point?

Marcin

New Member

Re: redirect Web SSL VPN to another outside ip possible?

Thanks for the answer Marcin.

The point is that on the same IP (outside) https is enable for exchange webmail (owa).

and if i connect through the ssl vpn ip i connect to the exchange iis and not ssl vpn login side..... is there a solution for that or do i have to re adress the dns mail record or change the outside ip of the asa and change the nat rules?

Cisco Employee

Re: redirect Web SSL VPN to another outside ip possible?

Jason,

Wouldn't you rather consider moving your webvpn to a different TCP port than moving whole IP?

If that's not a possibility, changing your NAT + MX records to accmodate exchange on different IP would be more approachable solution.

Marcin

New Member

Re: redirect Web SSL VPN to another outside ip possible?

thats a good idea. How could i move the port?

Cisco Employee

Re: redirect Web SSL VPN to another outside ip possible?

Jason,

Fairly easy

bsns-asa5520-10(config)# webvpn
bsns-asa5520-10(config-webvpn)# port ?

webvpn mode commands/options:
  <1-65535>  The WebVPN server's SSL listening port. TCP port 443 is the
             default.

Please note though that your users will have to use

https://My.domain.tld:PORT

to connect ... same for clientless and SVC.

Marcin

New Member

Re: redirect Web SSL VPN to another outside ip possible?

thanks Marcin.

625
Views
0
Helpful
6
Replies
CreatePlease to create content