Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
604
Views
5
Helpful
2
Replies

How to configure a different external IP for anyconnect clients to use aside from the main external interface ip

Go to solution
mn-sysadmin
Level 1
Level 1

‎07-10-2019 04:27 PM

I have an external public IP address on my 2130 HA pair. the .1 is on the primary unit and the .2 is th HA standby IP for the standby unit.

 

If I point anyconnect at the main external interface public IP I can connect and vpn works fine

 

My question is how can I configure an additional public ip in the same /23 public subnet to act as the end point that anyconnect clients connect to instead of the main external interface public ip?

 

I know with NAT rules the additional public ip is configured as part of the NAT rule, but I dont see any way to do this for AnyConnect. I can't add a subinterface to the external interface without triggering an error that says the sub interface with the additional IP is using the same vlan/subnet as the main interface

 

Is this possible or am I limited to only being able to use the main external interface IP for anyconnect clients to connect to?

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Rob Ingram
VIP
VIP

‎07-11-2019 12:44 AM

Hi,
You can only use the outside/external interface IP address to terminate VPN sessions, you cannot assign another IP address for VPN to connect to.

HTH

View solution in original post

2 Replies 2

Go to solution
Rob Ingram
VIP
VIP

‎07-11-2019 12:44 AM

Hi,
You can only use the outside/external interface IP address to terminate VPN sessions, you cannot assign another IP address for VPN to connect to.

HTH

Go to solution
Marvin Rhoads
Hall of Fame
Hall of Fame
In response to Rob Ingram

‎07-11-2019 05:39 AM

Like @Rob Ingram says: +5

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card