VPN Termination on Inside Network

snowmizer
Level 1

I am setting up a new ASA 5510 on our inside network so that we can terminate our VPN connections on this ASA. I can get the VPN to work fine; however, I noticed that once I turned on my VPN profiles, when I try to access the ASDM I'm now getting the VPN logon page. So I decided that in order to resolve this I need a separate interface dedicated to management of my ASA.

I'm trying to come up with the best way to do this. I've got two ports on the ASA plugged into my core switch. One is on a separate VLAN from the rest of my network traffic. This is the port I want to use for management. The second will be used to route all of my VPN traffic.

So far I haven't been able to get this to work at all. My thought was that it had to do with routes, NAT and ACLs. I've been playing with them but can't get any combination to work.

Is what I'm doing possible? How have other people set this up?

Thanks.

2 Replies

snowmizer
Level 1

Been thinking about this a bit more. Basically we would like to terminate our VPN on the inside network so that we can filter our VPN users via our Websense V10K. We are also going to be implementing a guest network. If I terminate my VPN on the inside network then I can set up my Internet facing ASA so that it uses virtual firewalls and thus keep separate firewall rules for each network.

What I really need to do is have the ability to configure two IPs on my inside network range (one for management and one for VPN) since using the same IP for VPN termination and management causes issues where I can never access the ASDM from this IP.

Example: Ethernet0/0

               IP 10.1.10.200

Once I set up my VPN on this interface, when I enter https://10.1.10.200 I get the VPN logon page, not the ASDM page.

Can this be done?

Thanks.

I think I've figured out how to get around my issues here. I'll just change the ASDM port from 443 and leave the VPN port at 443. Then I'll just figure that I will manage it from the same interface where I'm terminating my VPN and just control who has access to the ASDM and SSH.
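The workaround in the last reply can be checked against a saved running-config. The following is an added example, not part of the original thread: a small Python audit that flags ASDM and WebVPN sharing one TCP port on the same interface, and management rules open to any source. The config excerpts are constructed; port 8443 and the 10.1.10.0/24 admin range are assumptions.

```python
import re

# Constructed running-config excerpts (not from the thread). Only 10.1.10.200
# appears in the posts; port 8443 and the 10.1.10.0/24 admin range are assumptions.
BEFORE = """\
http server enable
http 0.0.0.0 0.0.0.0 inside
webvpn
 enable inside
"""
AFTER = """\
http server enable 8443
http 10.1.10.0 255.255.255.0 inside
ssh 10.1.10.0 255.255.255.0 inside
webvpn
 port 443
 enable inside
"""
IPV4 = r"\d+\.\d+\.\d+\.\d+"

def audit(config):
    """Flag ASDM/WebVPN sharing a port on one interface, and any-source management rules."""
    asdm_port, vpn_port = None, 443   # None: ASDM server off; WebVPN defaults to TCP 443
    asdm_ifs, vpn_ifs, findings = set(), set(), []
    section = ""
    for raw in config.splitlines():
        line = raw.strip()
        if not raw.startswith(" "):
            section = line            # an unindented command starts a new section
        if m := re.fullmatch(r"http server enable(?: (\d+))?", line):
            asdm_port = int(m.group(1) or 443)   # no port given means 443
        elif m := re.fullmatch(rf"(http|ssh) ({IPV4}) ({IPV4}) (\S+)", line):
            svc, ip, mask, ifname = m.groups()
            if svc == "http":
                asdm_ifs.add(ifname)
            if (ip, mask) == ("0.0.0.0", "0.0.0.0"):
                findings.append(f"{svc} management open to any source on {ifname}")
        elif section == "webvpn" and (m := re.fullmatch(r"port (\d+)", line)):
            vpn_port = int(m.group(1))
        elif section == "webvpn" and (m := re.fullmatch(r"enable (\S+)", line)):
            vpn_ifs.add(m.group(1))
    if asdm_port is not None and asdm_port == vpn_port:
        for ifname in sorted(asdm_ifs & vpn_ifs):
            findings.append(f"ASDM and WebVPN both on TCP {asdm_port} on {ifname}")
    return findings

if __name__ == "__main__":
    for name, cfg in (("before", BEFORE), ("after", AFTER)):
        print(name, audit(cfg) or "no findings")
```

Because management still shares the VPN-facing interface in this layout, the `http` and `ssh` source restrictions are the only control on who can reach ASDM and SSH.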
