cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements

Welcome to Cisco Firewalls Community


170
Views
5
Helpful
2
Replies
Highlighted
Beginner

How to configure a different external IP for anyconnect clients to use aside from the main external interface ip

I have an external public IP address on my 2130 HA pair. the .1 is on the primary unit and the .2 is th HA standby IP for the standby unit.

 

If I point anyconnect at the main external interface public IP I can connect and vpn works fine

 

My question is how can I configure an additional public ip in the same /23 public subnet to act as the end point that anyconnect clients connect to instead of the main external interface public ip?

 

I know with NAT rules the additional public ip is configured as part of the NAT rule, but I dont see any way to do this for AnyConnect. I can't add a subinterface to the external interface without triggering an error that says the sub interface with the additional IP is using the same vlan/subnet as the main interface

 

Is this possible or am I limited to only being able to use the main external interface IP for anyconnect clients to connect to?

1 ACCEPTED SOLUTION

Accepted Solutions
VIP Advisor RJI VIP Advisor
VIP Advisor

Re: How to configure a different external IP for anyconnect clients to use aside from the main external interface ip

Hi,
You can only use the outside/external interface IP address to terminate VPN sessions, you cannot assign another IP address for VPN to connect to.

HTH
2 REPLIES 2
VIP Advisor RJI VIP Advisor
VIP Advisor

Re: How to configure a different external IP for anyconnect clients to use aside from the main external interface ip

Hi,
You can only use the outside/external interface IP address to terminate VPN sessions, you cannot assign another IP address for VPN to connect to.

HTH
Hall of Fame Master

Re: How to configure a different external IP for anyconnect clients to use aside from the main external interface ip

Like @RJI says: +5