03-14-2021 06:34 AM
Hi,
I initially had a number of ipsec vpns functioning correctly on an outer firewall and an SSL ras vpn terminating on an inner firewall all pointing/terminating on the same outside address on the outer firewall.
Due to a design change the RAS vpn must be changed to ipsec. Can i get this to work using the same outside ip address surely there would be a conflict with ports etc. Any help appreciated.
03-14-2021 08:02 AM
Yes it sounds like you'd have a conflict
Why not carry on using SSL-VPN? As long as you use TLS/DLTS 1.2 and the strongest ciphers you should be secure.
03-15-2021 01:15 PM
Hi Rob,
Thanks for taking the time to reply, however the security policy dictates IPsec only.
Regards
03-15-2021 01:30 PM
@ciscokiddy Well either move all VPNs to the inner firewall, nat the traffic and disable ike on the outer firewall. Or get another IP address on the outer firewall and nat the traffic to the inner firewall.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide