Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
480
Views
0
Helpful
1
Replies

WebVPN design issue

cco1
Level 1
Level 1

‎09-29-2009 06:38 AM - edited ‎02-21-2020 03:42 AM

Hi,

i've got a question concerning the WebVPN feature of the ASA 5520. In our setup there is an outside interface and an inside interface. WebVPN is enabled on the outside interface and clients can connect there via browser on the portal site of the ASA. Theres a bookmark on that portal site, that points to a internal web server. When looking the log files, the request of the client is like: Client -> ASA -> Web server. The ASA replaces the source IP of the client with the IP of the inside interface. The question now is: is it possible (maybe with NAT?) to tell the ASA to replace the source ip of the client with a specific ip adress (or pool of adresses)? Or does the ASA in the WebVPN scenario always replace the clients source ip with the inside interface ip adress?

Thanks in advance!

Marco

0 Helpful
1 Reply 1

platinum_jem
Level 1
Level 1

‎09-30-2009 12:01 AM

In your webserver log, you will always see the ASA internal IP accessing the webserver (instead of the client).

This behaviour is by design.

What happens here is, when the WebVPN user click on the link, ASA itself will fetch the data from the webserver. The WebVPN client will never have a chance to know where is this server, nor the server know where is this 'real' client.

So if you are talking about traceability, you have to do this at both the webserver logs and the WebVPN logs. Ensure the time is in sync so that you can make the correct references.

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card