Configure ASA Remote Access VPN for 2nd public interface

mcmurphytoo
Level 1

Our ASA 5510 was configured with a public interface, a DMZ interface, and a private interface. I have a remote access VPN using the AnyConnect client and LDAP authentication for Active Directory. We are changing ISP (groan!), which means all new public IP addresses. The new circuit is installed, so I have a second public interface (same security level as the first public interface, wholly different IP address range) enabled on the ASA. I hope to transition whatever I can, which means getting VPN access through either public interface. Can I just enable client access on the second public interface at the AnyConnect Connection Profiles tab in ASDM? That seems too simple. Can they share the one address pool?

1 Reply

mcmurphytoo
Level 1

To tack on thoughts from my further research, it looks like maybe a no. Traffic from a remote access client arrives from a random public IP address, so traffic back to the client must take the default route. That would rule out making both interfaces available for remote access. If that's right, I can't move the remote access work from the old to the new interface as one transition step. That will have to wait for the ISP cutover, when the default route will change from the old to the new interface. Any other thoughts?