02-04-2021 09:18 AM
Is it possible to use a different IP from our WAN subnet for RA VPN?
We currently port-forward 443 to an internal proxy server on the interface IP. We do this for a couple of reasons. I realize I can use a different external port for this but thought there would be some benefits to having the VPN on it own external IP.
We currently using Firepower 1140s managed by FMC.
Solved! Go to Solution.
02-04-2021 09:24 AM
You can only terminate a VPN (RA or L2L) on an IP address assigned to a physical interface (i.e. OUTSIDE) of an FTD or ASA, so in your scenario no.
If you don't want to change the existing nat to a spare IP address, then you could change the SSL-VPN port or use IPSec instead on the existing IP address assigned to the outside interface.
HTH
02-04-2021 09:20 AM - edited 02-04-2021 09:27 AM
Sure you can use free IP address for your VPN bind to interface. (it has own advantages than using external IP configured in shared basis).
02-04-2021 11:14 AM
Is there documentation or something that explains how to do this? I can't find anything and when I setup the VPN it only allows me to select the interface.
02-04-2021 11:37 AM
There may be a typo in my last message, you need to have the interface configured with IP to get working.
02-04-2021 12:19 PM
So just to be clear. I have a wan subnet xxx.xxx.xxx.0/28 from my ISP. xxx.xxx.xxx.1 is the ip assigned to my wan interface. I can't setup xxx.xxx.xxx.2 for my RA VPN.
02-04-2021 12:21 PM - edited 02-04-2021 12:22 PM
No, not unless you change the physical interface of the device to .2. You can only terminate a VPN on the physical interface.
02-04-2021 09:24 AM
You can only terminate a VPN (RA or L2L) on an IP address assigned to a physical interface (i.e. OUTSIDE) of an FTD or ASA, so in your scenario no.
If you don't want to change the existing nat to a spare IP address, then you could change the SSL-VPN port or use IPSec instead on the existing IP address assigned to the outside interface.
HTH
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide