09-25-2012 08:08 PM
Hello,
I have an ASA 5510 that has the following setup:
interface Ethernet0/0
 nameif outside
 security-level 0
 ip address 1.1.1.1 255.255.255.240 (fake IP address for obvious reasons)
interface Ethernet0/1
 nameif inside
 security-level 100
 ip address 192.168.0.200 255.255.0.0
interface Ethernet0/2
 nameif guest
 security-level 100
 ip address 10.10.10.1 255.255.0.0
global (outside) 1 interface
nat (inside) 0 access-list nonat
nat (inside) 1 0.0.0.0 0.0.0.0
nat (guest) 0 access-list nonat
nat (guest) 1 0.0.0.0 0.0.0.0
-------------------------------
What would I need to do in order for a guest Wifi (eth0/2) client to be able to access our VPN that is configured on the outside interface? This is a Cisco AnyConnect VPN setup using the mobile client. As it is, they get DNS from the WAP and try to connect to "vpn.mysite.com" which resolves to the public IP (outside interface) of my ASA.
When I was first asked to allow this change I thought it would be a simple NAT rule but I think I am missing something as I can't seem to get this to work.
Thanks
09-25-2012 08:17 PM
They won't be able to VPN to the outside interface IP Address from the guest network as it is by design not allowed.
They would need to connect to the guest interface IP address to be able to VPN to the ASA from the guest network, and you would need to enable AnyConnect on the guest interface as well. "vpn.mysite.com" should then need to resolve to the guest interface IP address when they are connecting via the guest interface.
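The change described in this answer, as an added example that is not part of the original thread. It assumes pre-8.3 ASA software (inferred from the `global`/`nat` syntax in the question), that AnyConnect is already enabled on `outside`, and that the guest network's DNS server can be given its own record for the VPN hostname.

```cisco
! Added example, not from the original posts.
! Assumption: pre-8.3 software, where the AnyConnect client is enabled with "svc enable".
webvpn
 ! Existing listener for Internet clients (assumed already present)
 enable outside
 ! New: terminate SSL VPN on the guest interface as well
 enable guest
 svc enable
!
! DNS side (configured on the guest DNS server, not on the ASA):
!   vpn.mysite.com  A  10.10.10.1    <- guest interface address from the question
! Public DNS keeps pointing at the outside interface address.
! The certificate is checked against the hostname, so the same
! certificate for vpn.mysite.com is valid on both interfaces.
!
! Verify which interfaces have the service enabled:
show running-config webvpn
```

Enabling the service on `guest` exposes the VPN login page to every guest client, so the same authentication and lockout policy that protects the outside listener applies there too.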
10-11-2012 05:58 AM
Sorry this took so long for me to reply, but this was the correct answer and worked perfectly.
Thank you
10-11-2012 06:11 AM
Thanks for the update and glad it's working perfectly.