
Cisco Anyconnect VPN

Hari Vishnu
Level 1

 The topology I have is as follows:

Internet --> Router (with Public IP) --> ASA (with Private IPs) --> LAN

What I'm trying to achieve is for remote workers to be able to use the AnyConnect client to connect back to the office. Can you please advise if there are any ways to achieve this? Basically, I need to change the listening IP address / termination IP address of the SSL AnyConnect VPN.

 

Thanks

 


rizwanr74
Level 7

Hi Hari,

 

Yes, it is possible from Internet->Router->ASA(on private)->Lan, which means all your public-address bound traffic must be translated on the router and most likely your ASA becomes an access control point.

However, if you put your ASA on the public address as well, then your router becomes a transit path and you will have full translation taking place on the ASA itself, which is preferred from a firewall administration point of view.

 

If you have public IP ranges, you break the public segment to connect your router and ASA on a /30 mask, and the rest of the public addresses will be usable for service hosting for cloud-based applications.

 

Hope this answers your question.

Thanks

Rizwan Rafeek
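
The first option in the reply above (ASA outside interface on a private address, translation done on the router), sketched as an added configuration example that is not from the thread. It assumes a Cisco IOS router and ASA 9.x syntax; the interface names and every address (documentation and private ranges) are hypothetical placeholders.

```cisco
! --- Router (assumed Cisco IOS): forward only the AnyConnect ports to the ASA ---
interface GigabitEthernet0/0
 description Internet-facing, holds the public address (placeholder)
 ip address 203.0.113.10 255.255.255.252
 ip nat outside
!
interface GigabitEthernet0/1
 description Link to ASA outside interface (private /30, placeholder)
 ip address 192.168.100.1 255.255.255.252
 ip nat inside
!
! The router must not answer on 443 itself, or the static entry below conflicts
no ip http secure-server
!
! TCP 443 carries the TLS tunnel, UDP 443 carries DTLS
ip nat inside source static tcp 192.168.100.2 443 interface GigabitEthernet0/0 443
ip nat inside source static udp 192.168.100.2 443 interface GigabitEthernet0/0 443

! --- ASA (assumed 9.x): terminate AnyConnect on the privately addressed outside interface ---
interface GigabitEthernet0/0
 nameif outside
 security-level 0
 ip address 192.168.100.2 255.255.255.252
!
route outside 0.0.0.0 0.0.0.0 192.168.100.1
!
webvpn
 enable outside
 anyconnect enable
```

Clients connect to the router's public address; the ASA still listens on its own outside interface. Restricting the static entries to TCP/UDP 443 keeps the rest of the ASA's outside interface unreachable from the Internet.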

 

 

 

Thanks for your update.

 

So you mean changing the outside interface IP to public and performing the NAT translation on the router is the only option?

 

Thanks

Hari

Hi Hari,

You need to assign a public IP address for the link between the router and the ASA and configure the default route on both of them. The router will have an additional reverse route for the LAN segment as well.

Thanks

Shri.

 
