cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
100
Views
5
Helpful
1
Replies
Highlighted
Beginner

VPN on ASA with IP Address different from the IP of the outside interface

We want to configure VPN on ASA to an IP Address different from the IP of the outside interface.

ASA5515, ASA Version 9.6(4)8

Our Company has two public subnets:
    111.222.33.72/30
    111.222.44.208/29

Outside Interface:
    111.222.33.74 255.255.255.252
Default Route (to internet provider):
    111.222.33.73
All traffic coming from the internet is routed by the provide to the outside interface 111.222.33.74

We have some servers in the dmz reachable from outside
    111.222.44.2xx
On the ASA there is an interface configured which acts as default gateway for the systems in the dmz:
    111.222.44.209 255.255.255.248

Now we want to configure Anyconnect VPN for clients outside on the address
    111.222.44.213

Problem: in the Anyconnect Connection Profile we have to specifiy the Interface, usually the outside interface.

An Interface with IP 111.222.44.213 cannot be created on the ASA: ASDM gives an errormessage
    "The IP address, 111.222.44.213/255.255.255.248, cannot overlap with the subnet of interface DMZ"

Is it possible to get VPN working on 111.222.44.213?

1 ACCEPTED SOLUTION

Accepted Solutions
VIP Engager

Re: VPN on ASA with IP Address different from the IP of the outside interface

This is not possible. You have to use the Outside ip address (.74) to terminate the Anyconnect session. 

1 REPLY
VIP Engager

Re: VPN on ASA with IP Address different from the IP of the outside interface

This is not possible. You have to use the Outside ip address (.74) to terminate the Anyconnect session. 

CreatePlease to create content
Ask the Expert- Webex Hybrid Services Solutions