09-04-2018 06:55 AM - edited 03-08-2019 04:04 PM
Currently my ASA 5505 is setup using our WAN address from ISP for outside interface and vpn. Our ISP is changing the WAN block but not the what they call the Lan block.. It is outward facing not a private ip space. My question is how to I use the IP's in the Lan block for use in the VPN. Do I create NAT statements since the 8 ips they gave are routed across my wan IP? Little help here is appreciated.
09-04-2018 07:41 AM
I am not sure if I understand the question but if you are referring to ssl VPN, you would need to use an IP on the external site (Internet) for vpn and not internal. Ssl vlan is for remote users to log in to a network using a public IP/name. If this is already in place, after changing the IP, you would need to change DNS as well.
HTH
09-04-2018 08:17 AM
We currently have 1 wan IP and 8 lan side IPs from AT&T. Current setup is using the WAN IP from AT&T which is in 12.247.7x.xxx. This what the outside interface is setup on and also the vpn. We have 8 lan side from AT&T 12.202.13x.xxx /28. My question is to use and ip in the space from the lan side for vpn do I need to create a NAT statement since that network is routed at the ISP router to our outside address?
09-04-2018 12:25 PM
Since the IPs are public and provided by the ISP, there is no need for NAT.
HTH
09-05-2018 11:08 AM
The original poster keeps referring to using an IP supplied by the provider for vpn. I am not clear what he means. Is this vpn a site to site vpn? or is it a remote access vpn? In what way do they want to use the provider public IP for vpn? Perhaps if we understood this we might be able to give better answers.
HTH
Rick
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide