11-07-2012 06:34 PM
Hi guys,
I am trying to configure a SSL VPN on a Cisco ASA5520.
Unfortunately the port 443 of the OUTSIDE interface of ASA is already in use by Microsoft Outlook Web Access and I cannot change the configuration of Outlook. This configuration already in place prevents me to use the public IP of the ASA as Cisco VPN ip address for the webpage.
I don't either want to use a different port so to keep life easy for the users.
I have some public IPs available that I can use so I wanted to use one of them instead of the ASA's OUTSIDE interface. Any idea about how I could do it?
Thanks,
Dario
Solved! Go to Solution.
11-07-2012 07:01 PM
Unfortunately you can't use any other public ip address except the ASA outside interface IP to terminate the SSL VPN.
The only options you have is to either change the outlook to use a different port, or the SSL VPN to use a different port.
11-07-2012 07:01 PM
Unfortunately you can't use any other public ip address except the ASA outside interface IP to terminate the SSL VPN.
The only options you have is to either change the outlook to use a different port, or the SSL VPN to use a different port.
11-07-2012 07:03 PM
Or maybe it's easier to change the outlook web mail to use a different public IP. Just have to configure the DNS to resolve to the new public IP.
11-07-2012 07:08 PM
Hi Jennifer.
Unfortunately I can't change the Mail server's public IP. I will use a different port.
Thanks,
Dario
11-07-2012 07:12 PM
Can you not just change the WebMail address? the Mail server itself (port 25) can continue to use the same Outside IP
11-07-2012 07:19 PM
Hi Jennifer,
I don't think so as Exchange uses the same address for all its services (e.g. mail.mycompany.com).
Changing that address would force me to update the DNS (feasible), change the DMZ/Firewall rules (feasible) and ask the telco to change the reverse DNS to the new IP (unfortunately not feasible).
This situation makes me think that the optimal solution is to use a different port and explain the users to use it :-). Unless I can forward all the traffic coming to the ASA and destined to the public IP that I want to use for the VPN, to the external IP of the ASA firewall. Do you think it could be done?
Thanks,
Dario
11-08-2012 12:00 AM
Ahh, sometimes people use different name for exchange web mail (eg; webmail.mycompany.com), that's why my suggestion earlier.
But if it's not, then different port for SSL VPN would be the only option.
03-25-2013 10:05 PM
hi,
if you change the ip address in the outside interface, and NAT the ip than was before to the exchange server
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide