
how to have multiple anyconnect vpn interface in ASA

um1
Level 1

Hi,

We are migrating from one ISP to another and want to migrate the AnyConnect VPN too, to the new interface of the ASA. Currently users connect to the VPN using the AnyConnect client on the PC and using the OUTSIDE (ISP 1) IP address of the ASA. Now we have one more Internet connection on the same ASA, nameif OUTSIDE_1 (via ISP 2), running in parallel to OUTSIDE. Before we shut down ISP1 (OUTSIDE) we want to make sure users can connect to the AnyConnect VPN via OUTSIDE_1. Is there a way to achieve this, and what configurations will be required? Do we need to have a 2nd AnyConnect configuration completely replicated and somehow map it to OUTSIDE_1, or can we have the same configuration mapped to both OUTSIDE and OUTSIDE_1 at the same time?

Please note that for test purposes we will configure a static route for specific user source IPs to be routed via OUTSIDE_1. We need to know what else is required.

1 Reply

This is quite easy and there is no need for specific static routes for specific users.

  1. Before you start, you need to have a primary/backup configuration for outside/outside_1 in place. I assume you already have this.
  2. Enable outside_1 in your webvpn-configuration
  3. Enable your trustpoint on outside_1
  4. Point your DNS entry to the outside_1 IP
  5. Done

If you have a second name in your certificate or a second certificate, you can run AnyConnect on both interfaces in parallel to test it.

Or before changing the DNS in 3) you can point your FQDN on a test-PC to your second IP and test it there.
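
Steps 2 and 3 of the reply as ASA configuration, followed by checks to run before the DNS change. This is an added example, not part of the original reply: the interface names OUTSIDE and OUTSIDE_1 come from the question, while the trustpoint name VPN_CERT_TP, the INSIDE interface and the object names INSIDE_NETS and VPN_POOL are placeholders for whatever the existing configuration uses.

```cisco
! --- Global configuration mode ---
! Connection profiles (tunnel-groups), group-policies and address pools
! are not bound to an interface, so they are shared by both ISPs as-is.

! Step 2: let the SSL VPN service listen on the second interface.
! "enable OUTSIDE" is assumed to be present already and stays in place
! until ISP 1 is retired.
webvpn
 enable OUTSIDE
 enable OUTSIDE_1
!
! Step 3: present the same identity certificate on the second interface.
! Without this line the ASA serves a self-signed certificate on OUTSIDE_1
! and clients get an untrusted-server warning.
ssl trust-point VPN_CERT_TP OUTSIDE
ssl trust-point VPN_CERT_TP OUTSIDE_1
!
! NAT rules do name interfaces. If the existing configuration has a NAT
! exemption for the VPN pool on (INSIDE,OUTSIDE), add the counterpart for
! OUTSIDE_1 (object names here are placeholders):
nat (INSIDE,OUTSIDE_1) source static INSIDE_NETS INSIDE_NETS destination static VPN_POOL VPN_POOL no-proxy-arp route-lookup
!
! --- Privileged EXEC mode: verify before changing DNS ---
! Both interfaces should be listed under webvpn:
show running-config webvpn
! Both interfaces should map to the same trustpoint:
show running-config ssl
! A listener on TCP/443 should exist for the OUTSIDE_1 address:
show asp table socket
! After a test client connects via OUTSIDE_1, its session should appear:
show vpn-sessiondb anyconnect
```

Once ISP 1 is shut down, the `enable OUTSIDE` and `ssl trust-point VPN_CERT_TP OUTSIDE` lines can be removed so the VPN service is no longer exposed on an unused interface.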