11-18-2015 07:40 AM
I'm setting up Anyconnect to replace our Cisco IPsec VPN clients since they are end of life. A part of the process is to get an SSL cert and a FQDN to use for it. I've got that and it's applied to the ASA just fine. Now we don't get those warnings about it not being safe and such.
The issue is that we have to use a non-standard port for the SSL VPN since 443 is already being forwarded to an internal device. I have unused public addresses at the outside interface of the ASA but I don't know how I could use them. I would like to have a different IP address for the SSL VPN so I don't have to mess with the port forward that is currently in place. I've read up on proxy arp but that seems like it could be problematic. I could have someone connect another cable to a different interface on the ASA (5512-X) and assign that interface the static I want for the VPN but I am not sure that will work well. We have site to site VPNs in place as well. Can I have the ASA listen on two different interfaces at the same time?
Recap:
IP 1 - Primary NAT address, Site to Site tunnels terminate here, Some Cisco IPsec client VPNs terminate
IP 2 - Want to have all Anyconnect clients connect here, migrate all Cisco IPsec legacy clients until they are all on Anyconnect.
Key is that I can't stop listening on IP 1 for the site to site connections.
Thoughts?
Thanks!
11-18-2015 10:37 AM
On the ASA, you can't use the extra IPs for VPN.
If tcp/443 is already in use for an external server, then I would reconfigure the DNS-entry for this to use the second IP which has to be forwarded to the internal server. Then you can use the interface-IP of the ASA for AnyConnect.
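The change suggested in the reply above, sketched as ASA configuration (an added example, not part of the original posts). It assumes post-8.3 object NAT syntax; the object name, the addresses 192.168.10.20 and 203.0.113.12, and the interface names are placeholders, and the DNS record for the forwarded service is changed at the DNS provider, not on the ASA.

```text
! Constructed example: names and addresses are placeholders, not from the thread.
!
! Before: tcp/443 arriving on the outside interface IP is forwarded
! to the internal server, so AnyConnect cannot use 443 on that IP.
object network INTERNAL-HTTPS
 host 192.168.10.20
 nat (inside,outside) static interface service tcp https https
!
! After: forward tcp/443 on the spare public IP instead.
! The DNS entry for the forwarded service must point at 203.0.113.12.
object network INTERNAL-HTTPS
 no nat (inside,outside) static interface service tcp https https
 nat (inside,outside) static 203.0.113.12 service tcp https https
!
! AnyConnect then terminates on the outside interface IP, the same
! address that already terminates the site-to-site tunnels, on the
! default port instead of the non-standard one.
webvpn
 port 443
 enable outside
 anyconnect enable
```

Changing the WebVPN port affects existing SSL VPN sessions, so schedule it together with the DNS change and confirm the forwarded service answers on the new address first.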