- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
01-01-2024 11:00 AM
I cant access to RA VPN web interface from my internal network but from external interface everything works fine, do i need to create some nat rule or something else can you give me example?
Solved! Go to Solution.
- Labels:
-
AnyConnect
-
Remote Access
-
VPN
Accepted Solutions
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
01-02-2024 03:10 AM
I think you need to enable HTTPS to INside interface, check guide above.
MHM
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
01-01-2024 11:05 AM - edited 01-01-2024 11:06 AM
Enable SSL-VPN on the inside interface. Example (just replace the nameif if it is not INSIDE).
webvpn
enable INSIDE
Alternatively if you are using IKEv2/IPSec
crypto ikev2 enable INSIDE
You can then connect to the inside IP address to establish an RAVPN.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
01-01-2024 06:37 PM
Can i do this from FMC or where?
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
01-01-2024 11:08 AM
Share config let me check
MHM
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
01-01-2024 06:39 PM
Here i enabled to access ra vpn from 2 outside networks
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
01-01-2024 08:19 PM
use new anyconnect file
in end you can specify INside as interface for anyconnect
MHM
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
01-01-2024 11:21 PM
НщгНщ
You mean this interface selection but i have tried to add inside interfaces, it doesn't work i have vlan inside interfaces
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
01-01-2024 11:58 PM
@sherali mamatkarimov on the FMC you have to specify the Zone the interface is a member of not the interface itself. Ensure your VLAN(s) are a member of a Zone and then add the Zone as a RAVPN Access Interfaces (as per screenshots above).
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
01-02-2024 12:42 AM
As you said a have added inside vlan zone to access interface to RAVPN but i still can't web access. In web address i should write vlan interface gateway am i right?
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
01-02-2024 12:52 AM
@sherali mamatkarimov yes, use the ip address of the vlan when connecting to the VPN.
Why even connect to the VPN from the inside network?
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
01-02-2024 01:01 AM
I just want to access to RA VPN web page to be able to download vpn client from inside network. I don't want to connect vpn from inside. i think i need some nat rule but i don't know how to do this
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
01-02-2024 01:09 AM
@sherali mamatkarimov you don't need a NAT rule if you enable SSL-VPN on the inside interface and you connect from inside the network to the inside VLAN interface IP address, as traffic does not go through the FTD then.
From a web browser the user just connects to the inside interface VLAN IP address, logins and downloads the client. FYI, if the user is on the outside they can also connect to the outside IP address and download the client as well.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
01-02-2024 01:38 AM
Ok i understand this but anyway i cant access to web site how can i troubleshoot this?
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
01-02-2024 03:10 AM
I think you need to enable HTTPS to INside interface, check guide above.
MHM
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
01-02-2024 12:55 AM
Enabling SSL-VPN on the inside interface is a solid move for secure connections. Whether using webvpn or IKEv2/IPSec, connecting to the inside IP address ensures a reliable and protected RAVPN setup.
