So I got tasked with a tricky assignment today...
We have an ASA with inside, outside and wifi interfaces (the other ones are not important). The outside has Public1 IP and the clients from the wifi interface are NATed to Public2 IP address. Is it possible to have wifi clients VPN to Public1 and be able to access inside subnets?
The configured VPNs are functional and there are no other issues.
My guess is that I will have to do some NAT magic? Could it be done?
Unfortunately you can't use the outside IP interface to connect from the wireless interface, but you can activate AnyConnect on the wireless interface.
Depending on your setup you may be able to have the DNS server respond with a correct IP for wireless clients. If not, you could use the AnyConnect profile and have both IPs in the server list.
It is not clear whether the Remote Access VPN here is AnyConnect or is something else. The assumption is that it is AnyConnect, but that should be verified. If it is AnyConnect then there is no need for a crypto map. AnyConnect does not use a crypto map. You would just enable AnyConnect on the wireless interface the same as you did for the outside interface.
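What the replies above describe, as an added ASA configuration sketch that is not part of the original thread. It assumes the interface `nameif` values are `outside` and `wifi` (the names used in the question) and that AnyConnect already works on `outside`.

```cisco
! Constructed example; interface names are assumptions taken from the question.
! Existing state: AnyConnect is already enabled on the outside interface.
webvpn
 enable outside
 ! Added line: also terminate AnyConnect sessions on the wifi interface,
 ! so wireless clients connect to the ASA's wifi-side address
 ! instead of the Public1 address on outside.
 enable wifi
 anyconnect enable
!
! Confirm that webvpn is enabled on both interfaces
show running-config webvpn
! Confirm the ASA is listening for SSL on both interface addresses
show asp table socket
```

Wireless clients then need to reach the wifi interface address, either through a DNS answer specific to the wireless network or through a second entry in the AnyConnect profile server list, as suggested in the thread.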