cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
546
Views
5
Helpful
1
Replies

VPN on ASA with IP Address different from the IP of the outside interface

jj458
Level 1
Level 1

We want to configure VPN on ASA to an IP Address different from the IP of the outside interface.

ASA5515, ASA Version 9.6(4)8

Our Company has two public subnets:
    111.222.33.72/30
    111.222.44.208/29

Outside Interface:
    111.222.33.74 255.255.255.252
Default Route (to internet provider):
    111.222.33.73
All traffic coming from the internet is routed by the provide to the outside interface 111.222.33.74

We have some servers in the dmz reachable from outside
    111.222.44.2xx
On the ASA there is an interface configured which acts as default gateway for the systems in the dmz:
    111.222.44.209 255.255.255.248

Now we want to configure Anyconnect VPN for clients outside on the address
    111.222.44.213

Problem: in the Anyconnect Connection Profile we have to specifiy the Interface, usually the outside interface.

An Interface with IP 111.222.44.213 cannot be created on the ASA: ASDM gives an errormessage
    "The IP address, 111.222.44.213/255.255.255.248, cannot overlap with the subnet of interface DMZ"

Is it possible to get VPN working on 111.222.44.213?

1 Accepted Solution

Accepted Solutions

Rahul Govindan
VIP Alumni
VIP Alumni

This is not possible. You have to use the Outside ip address (.74) to terminate the Anyconnect session. 

View solution in original post

1 Reply 1

Rahul Govindan
VIP Alumni
VIP Alumni

This is not possible. You have to use the Outside ip address (.74) to terminate the Anyconnect session. 

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: