Cisco Anyconnect with loopback interface

kamesh_peri
Level 1

Hi,

I wanted to configure Anyconnect on my ASAs (A/P cluster 5585, 9.2) (I have 2 ISPs for link fail-over). Is there any option to reduce public IP usage (for example, introducing a loopback interface)?

Thanks,

Sankar

7 Replies

Aditya Ganjoo
Cisco Employee

Hi Kamesh,

We cannot create a loopback IP on ASA as it is not supported.

Regards,

Aditya

Please rate helpful posts.

Ok, thank you, Aditya.

Dinesh Moudgil
Cisco Employee

Kamesh,

If you have 2 active internet connections on the ASA, then you can use one interface to terminate IPSec and another to terminate Anyconnect.

This will work due to the way the ASA's routing table is currently designed. The ASA maintains not only a global routing table but a per-interface routing table as well.

In the case of Anyconnect VPN or SSH/Telnet, the ASA creates a connection for the forward flow and the reverse flow for the initial request, does not go through the route look-up mechanism, and just uses the egress interface (where the request was received) to send the reply out. The Anyconnect session will follow the per-interface routing table.


Regards,
Dinesh Moudgil

P.S. Please rate helpful posts.

Cisco Network Security Channel - https://www.youtube.com/c/CiscoNetSec/

Thanks so much. Is there any way to reduce usage of public IP?

Hi Kamesh,

Could you please elaborate on the requirement?

What is the need for reducing usage of public IP?

Are we having multiple application servers on the inside, and for them we need different NAT statements?

Let us know what is the public IP subnet you are using.

Regards,

Aditya


Please rate helpful posts and mark correct answers.

Hi Aditya,

As per below, I have to set up Anyconnect / Site-to-Site on one cluster, and on the other hand a DMVPN setup with individual links. In this scenario, how can I reduce public IP usage?

Hi Kamesh,

Anyconnect/S2S will only use one public IP.

Also, what is the role of the ASAs in the DMVPN setup?

Are they just passthrough devices?

Regards,

Aditya